Diff
Modified: branches/safari-603-branch/Source/_javascript_Core/CMakeLists.txt (210661 => 210662)
--- branches/safari-603-branch/Source/_javascript_Core/CMakeLists.txt 2017-01-12 16:46:13 UTC (rev 210661)
+++ branches/safari-603-branch/Source/_javascript_Core/CMakeLists.txt 2017-01-12 16:46:18 UTC (rev 210662)
@@ -510,7 +510,6 @@
heap/WeakBlock.cpp
heap/WeakHandleOwner.cpp
heap/WeakSet.cpp
- heap/WriteBarrierBuffer.cpp
heap/WriteBarrierSupport.cpp
inspector/ConsoleMessage.cpp
Modified: branches/safari-603-branch/Source/_javascript_Core/ChangeLog (210661 => 210662)
--- branches/safari-603-branch/Source/_javascript_Core/ChangeLog 2017-01-12 16:46:13 UTC (rev 210661)
+++ branches/safari-603-branch/Source/_javascript_Core/ChangeLog 2017-01-12 16:46:18 UTC (rev 210662)
@@ -1,5 +1,53 @@
2017-01-12 Matthew Hanson <matthew_han...@apple.com>
+ Merge r210565. rdar://problem/29942167
+
+ 2017-01-09 Filip Pizlo <fpi...@apple.com>
+
+ Streamline the GC barrier slowpath
+ https://bugs.webkit.org/show_bug.cgi?id=166878
+
+ Reviewed by Geoffrey Garen and Saam Barati.
+
+ This implements two optimizations to the barrier:
+
+ - Removes the write barrier buffer. This was just overhead.
+
+ - Teaches the slow path how to white an object that was black but unmarked, ensuring that
+ we don't take slow path for this object again.
+
+ * _javascript_Core.xcodeproj/project.pbxproj:
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compileStoreBarrier):
+ * ftl/FTLLowerDFGToB3.cpp:
+ (JSC::FTL::DFG::LowerDFGToB3::emitStoreBarrier):
+ * heap/CellState.h:
+ * heap/Heap.cpp:
+ (JSC::Heap::Heap):
+ (JSC::Heap::markToFixpoint):
+ (JSC::Heap::addToRememberedSet):
+ (JSC::Heap::stopTheWorld):
+ (JSC::Heap::writeBarrierSlowPath):
+ (JSC::Heap::buildConstraintSet):
+ (JSC::Heap::flushWriteBarrierBuffer): Deleted.
+ * heap/Heap.h:
+ (JSC::Heap::writeBarrierBuffer): Deleted.
+ * heap/SlotVisitor.cpp:
+ (JSC::SlotVisitor::appendJSCellOrAuxiliary):
+ (JSC::SlotVisitor::setMarkedAndAppendToMarkStack):
+ (JSC::SlotVisitor::appendToMarkStack):
+ (JSC::SlotVisitor::visitChildren):
+ * heap/WriteBarrierBuffer.cpp: Removed.
+ * heap/WriteBarrierBuffer.h: Removed.
+ * jit/JITOperations.cpp:
+ * jit/JITOperations.h:
+ * runtime/JSCellInlines.h:
+ (JSC::JSCell::JSCell):
+ * runtime/StructureIDBlob.h:
+ (JSC::StructureIDBlob::StructureIDBlob):
+
+2017-01-12 Matthew Hanson <matthew_han...@apple.com>
+
Merge r210563. rdar://problem/29940224
2017-01-10 Mark Lam <mark....@apple.com>
Modified: branches/safari-603-branch/Source/_javascript_Core/_javascript_Core.xcodeproj/project.pbxproj (210661 => 210662)
--- branches/safari-603-branch/Source/_javascript_Core/_javascript_Core.xcodeproj/project.pbxproj 2017-01-12 16:46:13 UTC (rev 210661)
+++ branches/safari-603-branch/Source/_javascript_Core/_javascript_Core.xcodeproj/project.pbxproj 2017-01-12 16:46:18 UTC (rev 210662)
@@ -1230,8 +1230,6 @@
2A111246192FCE79005EE18D /* CustomGetterSetter.h in Headers */ = {isa = PBXBuildFile; fileRef = 2A111244192FCE79005EE18D /* CustomGetterSetter.h */; settings = {ATTRIBUTES = (Private, ); }; };
2A48D1911772365B00C65A5F /* APICallbackFunction.h in Headers */ = {isa = PBXBuildFile; fileRef = C211B574176A224D000E2A23 /* APICallbackFunction.h */; };
2A4BB7F318A41179008A0FCD /* JSManagedValueInternal.h in Headers */ = {isa = PBXBuildFile; fileRef = 2A4BB7F218A41179008A0FCD /* JSManagedValueInternal.h */; };
- 2A4EC90B1860D6C20094F782 /* WriteBarrierBuffer.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 2A4EC9091860D6C20094F782 /* WriteBarrierBuffer.cpp */; };
- 2A4EC90C1860D6C20094F782 /* WriteBarrierBuffer.h in Headers */ = {isa = PBXBuildFile; fileRef = 2A4EC90A1860D6C20094F782 /* WriteBarrierBuffer.h */; settings = {ATTRIBUTES = (Private, ); }; };
2A7A58EF1808A4C40020BDF7 /* DeferGC.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 2A7A58EE1808A4C40020BDF7 /* DeferGC.cpp */; };
2A83638518D7D0EE0000EBCC /* EdenGCActivityCallback.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 2A83638318D7D0EE0000EBCC /* EdenGCActivityCallback.cpp */; };
2A83638618D7D0EE0000EBCC /* EdenGCActivityCallback.h in Headers */ = {isa = PBXBuildFile; fileRef = 2A83638418D7D0EE0000EBCC /* EdenGCActivityCallback.h */; settings = {ATTRIBUTES = (Private, ); }; };
@@ -3629,8 +3627,6 @@
2A343F7418A1748B0039B085 /* GCSegmentedArray.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = GCSegmentedArray.h; sourceTree = "<group>"; };
2A343F7718A1749D0039B085 /* GCSegmentedArrayInlines.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = GCSegmentedArrayInlines.h; sourceTree = "<group>"; };
2A4BB7F218A41179008A0FCD /* JSManagedValueInternal.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = JSManagedValueInternal.h; sourceTree = "<group>"; };
- 2A4EC9091860D6C20094F782 /* WriteBarrierBuffer.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = WriteBarrierBuffer.cpp; sourceTree = "<group>"; };
- 2A4EC90A1860D6C20094F782 /* WriteBarrierBuffer.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = WriteBarrierBuffer.h; sourceTree = "<group>"; };
2A7A58EE1808A4C40020BDF7 /* DeferGC.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = DeferGC.cpp; sourceTree = "<group>"; };
2A83638318D7D0EE0000EBCC /* EdenGCActivityCallback.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = EdenGCActivityCallback.cpp; sourceTree = "<group>"; };
2A83638418D7D0EE0000EBCC /* EdenGCActivityCallback.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = EdenGCActivityCallback.h; sourceTree = "<group>"; };
@@ -5798,8 +5794,6 @@
14E84F9B14EE1ACC00D6D5D4 /* WeakSet.cpp */,
14E84F9C14EE1ACC00D6D5D4 /* WeakSet.h */,
14150132154BB13F005D8C98 /* WeakSetInlines.h */,
- 2A4EC9091860D6C20094F782 /* WriteBarrierBuffer.cpp */,
- 2A4EC90A1860D6C20094F782 /* WriteBarrierBuffer.h */,
0FC8150814043BCA00CFA603 /* WriteBarrierSupport.cpp */,
0FC8150914043BD200CFA603 /* WriteBarrierSupport.h */,
);
@@ -9076,7 +9070,6 @@
ADBC54D51DF8EA2B005BF738 /* WebAssemblyToJSCallee.h in Headers */,
BC18C47A0E16F5CD00B34460 /* WebKitAvailability.h in Headers */,
A7DCB97312E5193F00911940 /* WriteBarrier.h in Headers */,
- 2A4EC90C1860D6C20094F782 /* WriteBarrierBuffer.h in Headers */,
C2B6D75318A33793004A9301 /* WriteBarrierInlines.h in Headers */,
0FC8150A14043BF500CFA603 /* WriteBarrierSupport.h in Headers */,
9688CB160ED12B4E001D649F /* X86Assembler.h in Headers */,
@@ -10461,7 +10454,6 @@
AD2FCBFC1DB58DAD00B3E736 /* WebAssemblyTableConstructor.cpp in Sources */,
AD2FCBFE1DB58DAD00B3E736 /* WebAssemblyTablePrototype.cpp in Sources */,
ADBC54D41DF8EA2B005BF738 /* WebAssemblyToJSCallee.cpp in Sources */,
- 2A4EC90B1860D6C20094F782 /* WriteBarrierBuffer.cpp in Sources */,
0FC8150B14043C0E00CFA603 /* WriteBarrierSupport.cpp in Sources */,
A7E5AB3A1799E4B200D2833D /* X86Disassembler.cpp in Sources */,
863C6D9C1521111A00585E4E /* YarrCanonicalizeUCS2.cpp in Sources */,
Modified: branches/safari-603-branch/Source/_javascript_Core/dfg/DFGSpeculativeJIT.cpp (210661 => 210662)
--- branches/safari-603-branch/Source/_javascript_Core/dfg/DFGSpeculativeJIT.cpp 2017-01-12 16:46:13 UTC (rev 210661)
+++ branches/safari-603-branch/Source/_javascript_Core/dfg/DFGSpeculativeJIT.cpp 2017-01-12 16:46:18 UTC (rev 210662)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2011-2016 Apple Inc. All rights reserved.
+ * Copyright (C) 2011-2017 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -60,7 +60,6 @@
#include "RegExpConstructor.h"
#include "ScopedArguments.h"
#include "ScratchRegisterAllocator.h"
-#include "WriteBarrierBuffer.h"
#include <wtf/BitVector.h>
#include <wtf/Box.h>
#include <wtf/MathExtras.h>
@@ -8906,11 +8905,9 @@
SpeculateCellOperand base(this, node->child1());
GPRTemporary scratch1(this);
- GPRTemporary scratch2(this);
GPRReg baseGPR = base.gpr();
GPRReg scratch1GPR = scratch1.gpr();
- GPRReg scratch2GPR = scratch2.gpr();
JITCompiler::JumpList ok;
@@ -8924,22 +8921,8 @@
} else
ok.append(m_jit.barrierBranchWithoutFence(baseGPR));
- WriteBarrierBuffer& writeBarrierBuffer = m_jit.vm()->heap.m_writeBarrierBuffer;
- m_jit.load32(writeBarrierBuffer.currentIndexAddress(), scratch2GPR);
- JITCompiler::Jump needToFlush = m_jit.branch32(MacroAssembler::AboveOrEqual, scratch2GPR, MacroAssembler::TrustedImm32(writeBarrierBuffer.capacity()));
-
- m_jit.add32(TrustedImm32(1), scratch2GPR);
- m_jit.store32(scratch2GPR, writeBarrierBuffer.currentIndexAddress());
-
- m_jit.move(TrustedImmPtr(writeBarrierBuffer.buffer()), scratch1GPR);
- // We use an offset of -sizeof(void*) because we already added 1 to scratch2.
- m_jit.storePtr(baseGPR, MacroAssembler::BaseIndex(scratch1GPR, scratch2GPR, MacroAssembler::ScalePtr, static_cast<int32_t>(-sizeof(void*))));
-
- ok.append(m_jit.jump());
- needToFlush.link(&m_jit);
-
silentSpillAllRegisters(InvalidGPRReg);
- callOperation(operationFlushWriteBarrierBuffer, baseGPR);
+ callOperation(operationWriteBarrierSlowPath, baseGPR);
silentFillAllRegisters(InvalidGPRReg);
ok.link(&m_jit);
Modified: branches/safari-603-branch/Source/_javascript_Core/ftl/FTLLowerDFGToB3.cpp (210661 => 210662)
--- branches/safari-603-branch/Source/_javascript_Core/ftl/FTLLowerDFGToB3.cpp 2017-01-12 16:46:13 UTC (rev 210661)
+++ branches/safari-603-branch/Source/_javascript_Core/ftl/FTLLowerDFGToB3.cpp 2017-01-12 16:46:18 UTC (rev 210662)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2013-2016 Apple Inc. All rights reserved.
+ * Copyright (C) 2013-2017 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -12959,8 +12959,13 @@
void emitStoreBarrier(LValue base, bool isFenced)
{
+ LBasicBlock recheckPath = nullptr;
+ if (isFenced)
+ recheckPath = m_out.newBlock();
LBasicBlock slowPath = m_out.newBlock();
LBasicBlock continuation = m_out.newBlock();
+
+ LBasicBlock lastNext = m_out.insertNewBlocksBefore(isFenced ? recheckPath : slowPath);
LValue threshold;
if (isFenced)
@@ -12970,76 +12975,23 @@
m_out.branch(
m_out.above(loadCellState(base), threshold),
- usually(continuation), rarely(slowPath));
-
- LBasicBlock lastNext = m_out.appendTo(slowPath, continuation);
+ usually(continuation), rarely(isFenced ? recheckPath : slowPath));
- // We emit the store barrier slow path lazily. In a lot of cases, this will never fire. And
- // when it does fire, it makes sense for us to generate this code using our JIT rather than
- // wasting B3's time optimizing it.
- PatchpointValue* patchpoint = lazySlowPath(
- [=] (const Vector<Location>& locations) -> RefPtr<LazySlowPath::Generator> {
- GPRReg baseGPR = locations[1].directGPR();
+ if (isFenced) {
+ m_out.appendTo(recheckPath, slowPath);
+
+ m_out.fence(&m_heaps.root, &m_heaps.JSCell_cellState);
+
+ m_out.branch(
+ m_out.above(loadCellState(base), m_out.constInt32(blackThreshold)),
+ usually(continuation), rarely(slowPath));
+ }
- return LazySlowPath::createGenerator(
- [=] (CCallHelpers& jit, LazySlowPath::GenerationParams& params) {
- if (isFenced) {
- CCallHelpers::Jump noFence = jit.jumpIfMutatorFenceNotNeeded();
- jit.memoryFence();
- params.doneJumps.append(jit.barrierBranchWithoutFence(baseGPR));
- noFence.link(&jit);
- }
-
- RegisterSet usedRegisters = params.lazySlowPath->usedRegisters();
- ScratchRegisterAllocator scratchRegisterAllocator(usedRegisters);
- scratchRegisterAllocator.lock(baseGPR);
-
- GPRReg scratch1 = scratchRegisterAllocator.allocateScratchGPR();
- GPRReg scratch2 = scratchRegisterAllocator.allocateScratchGPR();
-
- ScratchRegisterAllocator::PreservedState preservedState =
- scratchRegisterAllocator.preserveReusedRegistersByPushing(jit, ScratchRegisterAllocator::ExtraStackSpace::SpaceForCCall);
-
- // We've already saved these, so when we make a slow path call, we don't have
- // to save them again.
- usedRegisters.exclude(RegisterSet(scratch1, scratch2));
-
- WriteBarrierBuffer& writeBarrierBuffer = jit.vm()->heap.writeBarrierBuffer();
- jit.load32(writeBarrierBuffer.currentIndexAddress(), scratch2);
- CCallHelpers::Jump needToFlush = jit.branch32(
- CCallHelpers::AboveOrEqual, scratch2,
- CCallHelpers::TrustedImm32(writeBarrierBuffer.capacity()));
-
- jit.add32(CCallHelpers::TrustedImm32(1), scratch2);
- jit.store32(scratch2, writeBarrierBuffer.currentIndexAddress());
-
- jit.move(CCallHelpers::TrustedImmPtr(writeBarrierBuffer.buffer()), scratch1);
- jit.storePtr(
- baseGPR,
- CCallHelpers::BaseIndex(
- scratch1, scratch2, CCallHelpers::ScalePtr,
- static_cast<int32_t>(-sizeof(void*))));
-
- scratchRegisterAllocator.restoreReusedRegistersByPopping(jit, preservedState);
-
- params.doneJumps.append(jit.jump());
-
- needToFlush.link(&jit);
- callOperation(
- usedRegisters, jit, params.lazySlowPath->callSiteIndex(),
- params.exceptionJumps, operationFlushWriteBarrierBuffer, InvalidGPRReg,
- baseGPR);
- scratchRegisterAllocator.restoreReusedRegistersByPopping(jit, preservedState);
- params.doneJumps.append(jit.jump());
- });
- },
- base);
+ m_out.appendTo(slowPath, continuation);
- if (isFenced)
- m_heaps.decoratePatchpointRead(&m_heaps.root, patchpoint);
- else
- m_heaps.decoratePatchpointRead(&m_heaps.JSCell_cellState, patchpoint);
- m_heaps.decoratePatchpointWrite(&m_heaps.JSCell_cellState, patchpoint);
+ LValue call = vmCall(Void, m_out.operation(operationWriteBarrierSlowPath), m_callFrame, base);
+ m_heaps.decorateCCallRead(&m_heaps.root, call);
+ m_heaps.decorateCCallWrite(&m_heaps.JSCell_cellState, call);
m_out.jump(continuation);
Modified: branches/safari-603-branch/Source/_javascript_Core/heap/CellState.h (210661 => 210662)
--- branches/safari-603-branch/Source/_javascript_Core/heap/CellState.h 2017-01-12 16:46:13 UTC (rev 210661)
+++ branches/safari-603-branch/Source/_javascript_Core/heap/CellState.h 2017-01-12 16:46:18 UTC (rev 210662)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2015-2016 Apple Inc. All rights reserved.
+ * Copyright (C) 2015-2017 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -29,17 +29,20 @@
namespace JSC {
+// The CellState of a cell is a kind of hint about what the state of the cell is.
enum class CellState : uint8_t {
// The object is either currently being scanned, or it has finished being scanned, or this
// is a full collection and it's actually a white object (you'd know because its mark bit
// would be clear).
- PossiblyOldOrBlack = 0,
+ PossiblyBlack = 0,
// The object is in eden. During GC, this means that the object has not been marked yet.
- DefinitelyNewAndWhite = 1,
+ DefinitelyWhite = 1,
- // The object is grey - i.e. it will be scanned.
- DefinitelyGrey = 2,
+ // This sorta means that the object is grey - i.e. it will be scanned. Or it could be white
+ // during a full collection if its mark bit is clear. That would happen if it had been black,
+ // got barriered, and we did a full collection.
+ PossiblyGrey = 2
};
static const unsigned blackThreshold = 0; // x <= blackThreshold means x is PossiblyOldOrBlack.
Modified: branches/safari-603-branch/Source/_javascript_Core/heap/Heap.cpp (210661 => 210662)
--- branches/safari-603-branch/Source/_javascript_Core/heap/Heap.cpp 2017-01-12 16:46:13 UTC (rev 210661)
+++ branches/safari-603-branch/Source/_javascript_Core/heap/Heap.cpp 2017-01-12 16:46:18 UTC (rev 210662)
@@ -263,7 +263,6 @@
, m_codeBlocks(std::make_unique<CodeBlockSet>())
, m_jitStubRoutines(std::make_unique<JITStubRoutineSet>())
, m_isSafeToCollect(false)
- , m_writeBarrierBuffer(256)
, m_vm(vm)
// We seed with 10ms so that GCActivityCallback::didAllocate doesn't continuously
// schedule the timer if we've never done a collection.
@@ -584,7 +583,7 @@
for (unsigned iteration = 1; ; ++iteration) {
if (Options::logGC())
- dataLog("i#", iteration, " ", slotVisitor.collectorMarkStack().size(), "+", m_mutatorMarkStack->size() + slotVisitor.mutatorMarkStack().size(), " b=", m_barriersExecuted, " ");
+ dataLog("i#", iteration, " b=", m_barriersExecuted, " ");
if (slotVisitor.didReachTermination()) {
assertSharedMarkStacksEmpty();
@@ -610,6 +609,9 @@
m_scheduler->didExecuteConstraints();
}
+ if (Options::logGC())
+ dataLog(slotVisitor.collectorMarkStack().size(), "+", m_mutatorMarkStack->size() + slotVisitor.mutatorMarkStack().size(), " ");
+
{
ParallelModeEnabler enabler(slotVisitor);
slotVisitor.drainInParallel(m_scheduler->timeToResume());
@@ -940,24 +942,58 @@
m_jitStubRoutines->deleteUnmarkedJettisonedStubRoutines();
}
-void Heap::addToRememberedSet(const JSCell* cell)
+void Heap::addToRememberedSet(const JSCell* constCell)
{
+ JSCell* cell = const_cast<JSCell*>(constCell);
ASSERT(cell);
ASSERT(!Options::useConcurrentJIT() || !isCompilationThread());
m_barriersExecuted++;
- if (!Heap::isMarkedConcurrently(cell)) {
- // During a full collection a store into an unmarked object that had surivived past
- // collections will manifest as a store to an unmarked black object. If the object gets
- // marked at some time after this then it will go down the normal marking path. We can
- // safely ignore these stores.
- return;
- }
+ if (m_mutatorShouldBeFenced) {
+ WTF::loadLoadFence();
+ if (!isMarkedConcurrently(cell)) {
+ // During a full collection a store into an unmarked object that had surivived past
+ // collections will manifest as a store to an unmarked PossiblyBlack object. If the
+ // object gets marked at some time after this then it will go down the normal marking
+ // path. So, we don't have to remember this object. We could return here. But we go
+ // further and attempt to re-white the object.
+
+ RELEASE_ASSERT(m_collectionScope == CollectionScope::Full);
+
+ if (cell->atomicCompareExchangeCellStateStrong(CellState::PossiblyBlack, CellState::DefinitelyWhite) == CellState::PossiblyBlack) {
+ // Now we protect against this race:
+ //
+ // 1) Object starts out black + unmarked.
+ // --> We do isMarkedConcurrently here.
+ // 2) Object is marked and greyed.
+ // 3) Object is scanned and blacked.
+ // --> We do atomicCompareExchangeCellStateStrong here.
+ //
+ // In this case we would have made the object white again, even though it should
+ // be black. This check lets us correct our mistake. This relies on the fact that
+ // isMarkedConcurrently converges monotonically to true.
+ if (isMarkedConcurrently(cell)) {
+ // It's difficult to work out whether the object should be grey or black at
+ // this point. We say black conservatively.
+ cell->setCellState(CellState::PossiblyBlack);
+ }
+
+ // Either way, we can return. Most likely, the object was not marked, and so the
+ // object is now labeled white. This means that future barrier executions will not
+ // fire. In the unlikely event that the object had become marked, we can still
+ // return anyway, since we proved that the object was not marked at the time that
+ // we executed this slow path.
+ }
+
+ return;
+ }
+ } else
+ ASSERT(Heap::isMarkedConcurrently(cell));
// It could be that the object was *just* marked. This means that the collector may set the
// state to DefinitelyGrey and then to PossiblyOldOrBlack at any time. It's OK for us to
// race with the collector here. If we win then this is accurate because the object _will_
// get scanned again. If we lose then someone else will barrier the object again. That would
// be unfortunate but not the end of the world.
- cell->setCellState(CellState::DefinitelyGrey);
+ cell->setCellState(CellState::PossiblyGrey);
m_mutatorMarkStack->append(cell);
}
@@ -1177,7 +1213,6 @@
vm()->shadowChicken().update(*vm(), vm()->topCallFrame);
- flushWriteBarrierBuffer();
m_structureIDTable.flushOldTables();
m_objectSpace.stopAllocating();
@@ -1597,11 +1632,6 @@
observer->willGarbageCollect();
}
-void Heap::flushWriteBarrierBuffer()
-{
- m_writeBarrierBuffer.flush(*this);
-}
-
void Heap::prepareForMarking()
{
m_objectSpace.prepareForMarking();
@@ -1882,12 +1912,6 @@
m_objectSpace.forEachDeadCell(iterationScope, Zombify());
}
-void Heap::flushWriteBarrierBuffer(JSCell* cell)
-{
- m_writeBarrierBuffer.flush(*this);
- m_writeBarrierBuffer.add(cell);
-}
-
bool Heap::shouldDoFullCollection(std::optional<CollectionScope> scope) const
{
if (!Options::useGenerationalGC())
@@ -1965,7 +1989,7 @@
// In this case, the barrierThreshold is the tautological threshold, so from could still be
// not black. But we can't know for sure until we fire off a fence.
WTF::storeLoadFence();
- if (from->cellState() != CellState::PossiblyOldOrBlack)
+ if (from->cellState() != CellState::PossiblyBlack)
return;
}
@@ -2213,7 +2237,7 @@
[&] (CodeBlock* codeBlock) {
// Visit the CodeBlock as a constraint only if it's black.
if (Heap::isMarked(codeBlock)
- && codeBlock->cellState() == CellState::PossiblyOldOrBlack)
+ && codeBlock->cellState() == CellState::PossiblyBlack)
slotVisitor.visitAsConstraint(codeBlock);
});
},
Modified: branches/safari-603-branch/Source/_javascript_Core/heap/Heap.h (210661 => 210662)
--- branches/safari-603-branch/Source/_javascript_Core/heap/Heap.h 2017-01-12 16:46:13 UTC (rev 210661)
+++ branches/safari-603-branch/Source/_javascript_Core/heap/Heap.h 2017-01-12 16:46:18 UTC (rev 210662)
@@ -43,7 +43,6 @@
#include "VisitRaceKey.h"
#include "WeakHandleOwner.h"
#include "WeakReferenceHarvester.h"
-#include "WriteBarrierBuffer.h"
#include "WriteBarrierSupport.h"
#include <wtf/AutomaticThread.h>
#include <wtf/Deque.h>
@@ -125,9 +124,6 @@
// Take this if you know that from->cellState() < barrierThreshold.
JS_EXPORT_PRIVATE void writeBarrierSlowPath(const JSCell* from);
- WriteBarrierBuffer& writeBarrierBuffer() { return m_writeBarrierBuffer; }
- void flushWriteBarrierBuffer(JSCell*);
-
void writeBarrierOpaqueRoot(void*);
Heap(VM*, HeapType);
@@ -445,7 +441,6 @@
void suspendCompilerThreads();
void willStartCollection(std::optional<CollectionScope>);
- void flushWriteBarrierBuffer();
void prepareForMarking();
void markToFixpoint(double gcStartTime);
@@ -564,7 +559,6 @@
bool m_isSafeToCollect;
- WriteBarrierBuffer m_writeBarrierBuffer;
bool m_mutatorShouldBeFenced { Options::forceFencedBarrier() };
unsigned m_barrierThreshold { Options::forceFencedBarrier() ? tautologicalThreshold : blackThreshold };
Vector<bool*> m_mutatorShouldBeFencedCaches;
Modified: branches/safari-603-branch/Source/_javascript_Core/heap/SlotVisitor.cpp (210661 => 210662)
--- branches/safari-603-branch/Source/_javascript_Core/heap/SlotVisitor.cpp 2017-01-12 16:46:13 UTC (rev 210661)
+++ branches/safari-603-branch/Source/_javascript_Core/heap/SlotVisitor.cpp 2017-01-12 16:46:18 UTC (rev 210662)
@@ -204,7 +204,7 @@
JSCell* jsCell = static_cast<JSCell*>(heapCell);
validateCell(jsCell);
- jsCell->setCellState(CellState::DefinitelyGrey);
+ jsCell->setCellState(CellState::PossiblyGrey);
appendToMarkStack(jsCell);
return;
@@ -266,7 +266,7 @@
// Indicate that the object is grey and that:
// In case of concurrent GC: it's the first time it is grey in this GC cycle.
// In case of eden collection: it's a new object that became grey rather than an old remembered object.
- cell->setCellState(CellState::DefinitelyGrey);
+ cell->setCellState(CellState::PossiblyGrey);
appendToMarkStack(container, cell);
}
@@ -284,7 +284,7 @@
{
ASSERT(Heap::isMarkedConcurrently(cell));
ASSERT(!cell->isZapped());
- ASSERT(cell->cellState() == CellState::DefinitelyGrey);
+ ASSERT(cell->cellState() == CellState::PossiblyGrey);
container.noteMarked();
@@ -371,7 +371,7 @@
// not clear to me that it would be correct or profitable to bail here if the object is already
// black.
- cell->setCellState(CellState::PossiblyOldOrBlack);
+ cell->setCellState(CellState::PossiblyBlack);
WTF::storeLoadFence();
Deleted: branches/safari-603-branch/Source/_javascript_Core/heap/WriteBarrierBuffer.cpp (210661 => 210662)
--- branches/safari-603-branch/Source/_javascript_Core/heap/WriteBarrierBuffer.cpp 2017-01-12 16:46:13 UTC (rev 210661)
+++ branches/safari-603-branch/Source/_javascript_Core/heap/WriteBarrierBuffer.cpp 2017-01-12 16:46:18 UTC (rev 210662)
@@ -1,69 +0,0 @@
-/*
- * Copyright (C) 2013 Apple Inc. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
- * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
- * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
- * THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#include "config.h"
-#include "WriteBarrierBuffer.h"
-
-#include "GCAssertions.h"
-#include "Heap.h"
-#include "JSCell.h"
-#include "JSCInlines.h"
-#include "Structure.h"
-
-namespace JSC {
-
-WriteBarrierBuffer::WriteBarrierBuffer(unsigned capacity)
- : m_currentIndex(0)
- , m_capacity(capacity)
- , m_buffer(static_cast<JSCell**>(fastMalloc(sizeof(JSCell*) * capacity)))
-{
-}
-
-WriteBarrierBuffer::~WriteBarrierBuffer()
-{
- fastFree(m_buffer);
-}
-
-void WriteBarrierBuffer::flush(Heap& heap)
-{
- ASSERT(m_currentIndex <= m_capacity);
- for (size_t i = 0; i < m_currentIndex; ++i)
- heap.writeBarrier(m_buffer[i]);
- m_currentIndex = 0;
-}
-
-void WriteBarrierBuffer::reset()
-{
- m_currentIndex = 0;
-}
-
-void WriteBarrierBuffer::add(JSCell* cell)
-{
- ASSERT_GC_OBJECT_LOOKS_VALID(cell);
- ASSERT(m_currentIndex < m_capacity);
- m_buffer[m_currentIndex++] = cell;
-}
-
-} // namespace JSC
Deleted: branches/safari-603-branch/Source/_javascript_Core/heap/WriteBarrierBuffer.h (210661 => 210662)
--- branches/safari-603-branch/Source/_javascript_Core/heap/WriteBarrierBuffer.h 2017-01-12 16:46:13 UTC (rev 210661)
+++ branches/safari-603-branch/Source/_javascript_Core/heap/WriteBarrierBuffer.h 2017-01-12 16:46:18 UTC (rev 210662)
@@ -1,65 +0,0 @@
-/*
- * Copyright (C) 2013, 2015 Apple Inc. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
- * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
- * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
- * THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#pragma once
-
-#include <wtf/FastMalloc.h>
-
-namespace JSC {
-
-class Heap;
-class JSCell;
-
-class WriteBarrierBuffer {
-public:
- WriteBarrierBuffer(unsigned capacity);
- ~WriteBarrierBuffer();
-
- void add(JSCell*);
- void flush(Heap&);
- void reset();
-
- unsigned* currentIndexAddress()
- {
- return &m_currentIndex;
- }
-
- unsigned capacity() const
- {
- return m_capacity;
- }
-
- JSCell** buffer()
- {
- return m_buffer;
- }
-
-private:
- unsigned m_currentIndex;
- const unsigned m_capacity;
- JSCell** const m_buffer;
-};
-
-} // namespace JSC
Modified: branches/safari-603-branch/Source/_javascript_Core/jit/JITOperations.cpp (210661 => 210662)
--- branches/safari-603-branch/Source/_javascript_Core/jit/JITOperations.cpp 2017-01-12 16:46:13 UTC (rev 210661)
+++ branches/safari-603-branch/Source/_javascript_Core/jit/JITOperations.cpp 2017-01-12 16:46:18 UTC (rev 210662)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2013-2016 Apple Inc. All rights reserved.
+ * Copyright (C) 2013-2017 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -2188,13 +2188,6 @@
return reinterpret_cast<char*>(result);
}
-void JIT_OPERATION operationFlushWriteBarrierBuffer(ExecState* exec, JSCell* cell)
-{
- VM* vm = &exec->vm();
- NativeCallFrameTracer tracer(vm, exec);
- vm->heap.flushWriteBarrierBuffer(cell);
-}
-
void JIT_OPERATION operationOSRWriteBarrier(ExecState* exec, JSCell* cell)
{
VM* vm = &exec->vm();
Modified: branches/safari-603-branch/Source/_javascript_Core/jit/JITOperations.h (210661 => 210662)
--- branches/safari-603-branch/Source/_javascript_Core/jit/JITOperations.h 2017-01-12 16:46:13 UTC (rev 210661)
+++ branches/safari-603-branch/Source/_javascript_Core/jit/JITOperations.h 2017-01-12 16:46:18 UTC (rev 210662)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2013-2016 Apple Inc. All rights reserved.
+ * Copyright (C) 2013-2017 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -426,7 +426,6 @@
char* JIT_OPERATION operationReallocateButterflyToHavePropertyStorageWithInitialCapacity(ExecState*, JSObject*) WTF_INTERNAL;
char* JIT_OPERATION operationReallocateButterflyToGrowPropertyStorage(ExecState*, JSObject*, size_t newSize) WTF_INTERNAL;
-void JIT_OPERATION operationFlushWriteBarrierBuffer(ExecState*, JSCell*);
void JIT_OPERATION operationWriteBarrierSlowPath(ExecState*, JSCell*);
void JIT_OPERATION operationOSRWriteBarrier(ExecState*, JSCell*);
Modified: branches/safari-603-branch/Source/_javascript_Core/runtime/JSCellInlines.h (210661 => 210662)
--- branches/safari-603-branch/Source/_javascript_Core/runtime/JSCellInlines.h 2017-01-12 16:46:13 UTC (rev 210661)
+++ branches/safari-603-branch/Source/_javascript_Core/runtime/JSCellInlines.h 2017-01-12 16:46:18 UTC (rev 210662)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2012-2016 Apple Inc. All rights reserved.
+ * Copyright (C) 2012-2017 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -41,7 +41,7 @@
namespace JSC {
inline JSCell::JSCell(CreatingEarlyCellTag)
- : m_cellState(CellState::DefinitelyNewAndWhite)
+ : m_cellState(CellState::DefinitelyWhite)
{
ASSERT(!isCompilationThread());
}
@@ -51,7 +51,7 @@
, m_indexingTypeAndMisc(structure->indexingTypeIncludingHistory())
, m_type(structure->typeInfo().type())
, m_flags(structure->typeInfo().inlineTypeFlags())
- , m_cellState(CellState::DefinitelyNewAndWhite)
+ , m_cellState(CellState::DefinitelyWhite)
{
ASSERT(!isCompilationThread());
}
Modified: branches/safari-603-branch/Source/_javascript_Core/runtime/StructureIDBlob.h (210661 => 210662)
--- branches/safari-603-branch/Source/_javascript_Core/runtime/StructureIDBlob.h 2017-01-12 16:46:13 UTC (rev 210661)
+++ branches/safari-603-branch/Source/_javascript_Core/runtime/StructureIDBlob.h 2017-01-12 16:46:18 UTC (rev 210662)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2014-2016 Apple Inc. All rights reserved.
+ * Copyright (C) 2014-2017 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -46,7 +46,7 @@
u.fields.indexingTypeIncludingHistory = indexingTypeIncludingHistory;
u.fields.type = typeInfo.type();
u.fields.inlineTypeFlags = typeInfo.inlineTypeFlags();
- u.fields.defaultCellState = CellState::DefinitelyNewAndWhite;
+ u.fields.defaultCellState = CellState::DefinitelyWhite;
}
void operator=(const StructureIDBlob& other) { u.doubleWord = other.u.doubleWord; }
