Devirtualize JS traversal in the cycle collector


(Reporter: mccr8)


In bug 1105069, Terrence is doing some epic work making GC things strongly typed, pushing it all the way into the CC.  I'm not sure how the details would quite work out, but I think we might be able to allocate GCThings in the CC graph into a separate set of nodes that would be JS::GCCellPtrs instead of a void* plus participant pair.  Then we could make a direct call to the GC tracing code, rather than the indirect calls we have now, which could possibly be much faster.  We could even explicitly separate out scripts and objects, though that may be overkill.  Zones are rare enough I'd just leave them as regular CC participant based things.
Though a much simpler way to implement that would be to have a constant, non-null magic value for the participant for GC things, and then just test for that, and do a direct call.  You'd pay an extra branch against a constant compared to the other approach, but it would be much much simpler.
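The "magic participant value" approach from the comment above, as an added sketch that is not Gecko's own code: CC graph nodes keep their `void*` plus participant pair, but GC things carry a reserved non-null sentinel instead of a real participant, and traversal tests for that sentinel and calls the tracing routine directly, falling back to the virtual participant call for refcounted nodes. All names here (`Participant`, `Node`, `kGCThingParticipant`, `TraceGCThing`) are assumed stand-ins, not the real nsCycleCollectionParticipant or JS tracing API.

```cpp
#include <cstdint>
#include <cstdio>
#include <vector>

// Assumed stand-in for a CC participant: traversal goes through a virtual call.
struct Participant {
  virtual ~Participant() = default;
  virtual int Traverse(void* aPtr) = 0;  // returns number of edges reported
};

// Constructed sample payloads: a refcounted object and a GC thing, each with a
// fake edge count so the example has something observable to return.
struct RefcountedThing { int edges; };
struct GCThing { int edges; };

// Concrete participant for refcounted things (the "slow", indirect path).
struct RefcountedParticipant : Participant {
  int Traverse(void* aPtr) override {
    return static_cast<RefcountedThing*>(aPtr)->edges;
  }
};

// Assumed stand-in for the GC tracing entry point, called directly (no vtable).
int TraceGCThing(void* aPtr) {
  return static_cast<GCThing*>(aPtr)->edges;
}

// The magic, non-null participant value that marks a node as a GC thing.
// It is never dereferenced; it is only compared against.
static Participant* const kGCThingParticipant =
    reinterpret_cast<Participant*>(static_cast<uintptr_t>(1));

// A CC graph node: the existing void* plus participant pair.
struct Node {
  void* ptr;
  Participant* participant;
};

// One branch against a constant, then either a direct or a virtual call.
int TraverseNode(const Node& aNode) {
  if (aNode.participant == kGCThingParticipant) {
    return TraceGCThing(aNode.ptr);           // direct call for GC things
  }
  return aNode.participant->Traverse(aNode.ptr);  // indirect call otherwise
}

// Walk a whole graph and total the edges, exercising both paths.
int TraverseGraph(const std::vector<Node>& aNodes) {
  int total = 0;
  for (const Node& n : aNodes) {
    total += TraverseNode(n);
  }
  return total;
}

// Build a constructed sample graph: one refcounted node and two GC things.
int SampleGraphEdges() {
  static RefcountedParticipant refcounted;
  static RefcountedThing rc{3};
  static GCThing gc1{5};
  static GCThing gc2{7};
  std::vector<Node> graph = {
      {&rc, &refcounted},
      {&gc1, kGCThingParticipant},
      {&gc2, kGCThingParticipant},
  };
  return TraverseGraph(graph);
}

int main() {
  std::printf("edges in sample graph: %d\n", SampleGraphEdges());
  return 0;
}
```

The sentinel must be a value no real participant can ever have (here a small non-null integer cast to a pointer), so the equality test cannot misfire on a genuine participant, and the GC branch must never dereference it.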
I hacked up a prototype patch that does what I said in comment 1, and it does seem to help a bit.  On a TechCrunch page close, with about 9000 refcounted objects and about 40000 JS objects, it reduced the total time spent marking from 48ms to 40ms, which cut out a slice.  Of course, that's just with one example of each, so maybe that's just noise.  And that shouldn't really affect max pause time.
This probably doesn't matter given that both methods are defined in the same .cpp file but whatever.
We can just remove the participant now.  Split into a separate patch for simplicity.
