Oilpan: disable conservative GCs during initial GC mixin construction.

Source/platform/heap/Heap.h

Index: Source/platform/heap/Heap.h
diff --git a/Source/platform/heap/Heap.h b/Source/platform/heap/Heap.h
index 0a00ff544a88991b8f4dfb8cd2c130ef9733b6ce..885aaa4dac2be96a332d1991774aeb1489c9ad9c 100644
--- a/Source/platform/heap/Heap.h
+++ b/Source/platform/heap/Heap.h
@@ -1091,68 +1091,6 @@ struct HeapIndexTrait {
 FOR_EACH_TYPED_HEAP(DEFINE_TYPED_HEAP_TRAIT)
 #undef DEFINE_TYPED_HEAP_TRAIT
 
-template<typename T, typename Enabled = void>
-class AllocateObjectTrait {
-public:
-    static Address allocate(size_t size)
-    {
-        ThreadState* state = ThreadStateFor<ThreadingTrait<T>::Affinity>::state();
-        return Heap::allocateOnHeapIndex(state, size, HeapIndexTrait<T>::index(), GCInfoTrait<T>::index());
-    }
-
-    static void constructor()
-    {
-    }
-};
-
-template<typename T>
-class AllocateObjectTrait<T, typename WTF::EnableIf<blink::IsGarbageCollectedMixin<T>::value>::Type> {
-public:
-    // An object which implements GarbageCollectedMixin is marked
-    // and traced during GC by first adjusting object references to
-    // it to refer to the leftmost base for the object (which would
-    // be a GarbageCollected-derived class.) The prefixed object header
-    // can be located after that adjustment and its trace() vtbl slot
-    // will be used to fully trace the object, if not already marked.
-    //
-    // A C++ object's vptr will be initialized to its leftmost base's
-    // vtable after the constructors of all its subclasses have run,
-    // so if a subclass constructor tries to access any of the vtbl
-    // entries of its leftmost base prematurely, it'll find an as-yet
-    // incorrect vptr and fail. Which is exactly what a garbage collector
-    // will try to do if it tries to access the leftmost base while one
-    // of the subclass constructors of a GC mixin object triggers a GC.
-    // It is consequently not safe to allow any GCs while these objects
-    // are under (sub constructor) construction.
-    //
-    // To achieve that, the construction of mixins are handled in a
-    // special manner:
-    //
-    //  - The initial allocation of the mixin object will enter a no GC scope.
-    //  - The constructor for the leftmost base, which is when the mixin
-    //    object is in a state ready for a GC, leaves that GC scope.
-    //  - no-GC scope entering/leaving must support nesting.
-    //
-    static Address allocate(size_t size)
-    {
-        ThreadState* state = ThreadStateFor<ThreadingTrait<T>::Affinity>::state();
-        Address object = Heap::allocateOnHeapIndex(state, size, HeapIndexTrait<T>::index(), GCInfoTrait<T>::index());
-        state->enterGCForbiddenScope();
-        return object;
-    }
-
-    static void constructor()
-    {
-        // FIXME: if prompt conservative GCs are needed, forced GCs that
-        // were denied while within this scope, could now be performed.
-        // For now, assume the next out-of-line allocation request will
-        // happen soon enough and take care of it. Mixin objects aren't
-        // overly common.
-        ThreadState* state = ThreadStateFor<ThreadingTrait<T>::Affinity>::state();
-        state->leaveGCForbiddenScope();
-    }
-};
-
 // Base class for objects allocated in the Blink garbage-collected heap.
 //
 // Defines a 'new' operator that allocates the memory in the heap.  'delete'
@@ -1201,7 +1139,6 @@ public:
 protected:
     GarbageCollected()
     {
-        AllocateObjectTrait<T>::constructor();
     }
 };
 
@@ -1490,7 +1427,8 @@ inline Address Heap::allocateOnHeapIndex(ThreadState* state, size_t size, int he
 template<typename T>
 Address Heap::allocate(size_t size)
 {
-    return AllocateObjectTrait<T>::allocate(size);
+    ThreadState* state = ThreadStateFor<ThreadingTrait<T>::Affinity>::state();
+    return Heap::allocateOnHeapIndex(state, size, HeapIndexTrait<T>::index(), GCInfoTrait<T>::index());
 }
 
 template<typename T>