Skip to site navigation (Press enter)

[webkit-changes] [214519] branches/safari-603-branch/Source/JavaScriptCore

jmarcell Tue, 28 Mar 2017 20:40:12 -0700

Title: [214519] branches/safari-603-branch/Source/_javascript_Core

Revision: 214519
Author: [email protected]
Date: 2017-03-28 20:28:18 -0700 (Tue, 28 Mar 2017)

Log Message

Merge r212310. rdar://problem/30922106


Modified Paths

branches/safari-603-branch/Source/_javascript_Core/ChangeLog
branches/safari-603-branch/Source/_javascript_Core/heap/Heap.cpp
branches/safari-603-branch/Source/_javascript_Core/heap/Heap.h
branches/safari-603-branch/Source/_javascript_Core/runtime/Options.cpp
branches/safari-603-branch/Source/_javascript_Core/runtime/Options.h

Diff

Modified: branches/safari-603-branch/Source/_javascript_Core/ChangeLog (214518 => 214519)


--- branches/safari-603-branch/Source/_javascript_Core/ChangeLog	2017-03-29 03:28:15 UTC (rev 214518)
+++ branches/safari-603-branch/Source/_javascript_Core/ChangeLog	2017-03-29 03:28:18 UTC (rev 214519)
@@ -1,5 +1,35 @@
 2017-03-28  Jason Marcell  <[email protected]>
 
+        Merge r212310. rdar://problem/30922106
+
+    2017-02-14  Mark Lam  <[email protected]>
+
+            Add JSC_sweepSynchronously and fix JSC_useZombieMode options.
+            https://bugs.webkit.org/show_bug.cgi?id=168257
+            <rdar://problem/30451496>
+
+            Reviewed by Filip Pizlo.
+
+            JSC_useZombieMode now basically enables JSC_sweepSynchronously and
+            JSC_scribbleFreeCells, which together does the job of zombifying dead objects
+            immediately after a GC.
+
+            * heap/Heap.cpp:
+            (JSC::Heap::sweepSynchronously):
+            (JSC::Heap::collectAllGarbage):
+            (JSC::Heap::finalize):
+            (JSC::Heap::didFinishCollection):
+            (JSC::Zombify::visit): Deleted.
+            (JSC::Zombify::operator()): Deleted.
+            (JSC::Heap::zombifyDeadObjects): Deleted.
+            * heap/Heap.h:
+            (JSC::Heap::isZombified): Deleted.
+            * runtime/Options.cpp:
+            (JSC::recomputeDependentOptions):
+            * runtime/Options.h:
+
+2017-03-28  Jason Marcell  <[email protected]>
+
         Merge r213966. rdar://problem/31178551
 
     2017-03-14  Mark Lam  <[email protected]>

Modified: branches/safari-603-branch/Source/_javascript_Core/heap/Heap.cpp (214518 => 214519)


--- branches/safari-603-branch/Source/_javascript_Core/heap/Heap.cpp	2017-03-29 03:28:15 UTC (rev 214518)
+++ branches/safari-603-branch/Source/_javascript_Core/heap/Heap.cpp	2017-03-29 03:28:18 UTC (rev 214519)
@@ -1019,6 +1019,21 @@
     m_mutatorMarkStack->append(cell);
 }
 
+void Heap::sweepSynchronously()
+{
+    double before = 0;
+    if (Options::logGC()) {
+        dataLog("[Full sweep: ", capacity() / 1024, "kb ");
+        before = currentTimeMS();
+    }
+    m_objectSpace.sweep();
+    m_objectSpace.shrink();
+    if (Options::logGC()) {
+        double after = currentTimeMS();
+        dataLog("=> ", capacity() / 1024, "kb, ", after - before, "ms] ");
+    }
+}
+
 void Heap::collectAllGarbage()
 {
     if (!m_isSafeToCollect)
@@ -1029,18 +1044,12 @@
     DeferGCForAWhile deferGC(*this);
     if (UNLIKELY(Options::useImmortalObjects()))
         sweeper()->willFinishSweeping();
-    else {
-        double before = 0;
-        if (Options::logGC()) {
-            dataLog("[Full sweep: ", capacity() / 1024, "kb ");
-            before = currentTimeMS();
-        }
-        m_objectSpace.sweep();
-        m_objectSpace.shrink();
-        if (Options::logGC()) {
-            double after = currentTimeMS();
-            dataLog("=> ", capacity() / 1024, "kb, ", after - before, "ms]\n");
-        }
+
+    bool alreadySweptInCollectSync = Options::sweepSynchronously();
+    if (!alreadySweptInCollectSync) {
+        sweepSynchronously();
+        if (Options::logGC())
+            dataLog("\n");
     }
     m_objectSpace.assertNoUnswept();
 
@@ -1579,6 +1588,9 @@
     
     if (HasOwnPropertyCache* cache = vm()->hasOwnPropertyCache())
         cache->clear();
+
+    if (Options::sweepSynchronously())
+        sweepSynchronously();
 }
 
 Heap::Ticket Heap::requestCollection(std::optional<CollectionScope> scope)
@@ -1807,9 +1819,6 @@
     if (Options::recordGCPauseTimes())
         HeapStatistics::recordGCPauseTime(gcStartTime, gcEndTime);
 
-    if (Options::useZombieMode())
-        zombifyDeadObjects();
-
     if (Options::dumpObjectStatistics())
         HeapStatistics::dumpObjectStatistics(this);
 
@@ -1910,36 +1919,6 @@
     collectAllGarbage();
 }
 
-class Zombify : public MarkedBlock::VoidFunctor {
-public:
-    inline void visit(HeapCell* cell) const
-    {
-        void** current = reinterpret_cast_ptr<void**>(cell);
-
-        // We want to maintain zapped-ness because that's how we know if we've called 
-        // the destructor.
-        if (cell->isZapped())
-            current++;
-
-        void* limit = static_cast<void*>(reinterpret_cast<char*>(cell) + cell->cellSize());
-        for (; current < limit; current++)
-            *current = zombifiedBits;
-    }
-    IterationStatus operator()(HeapCell* cell, HeapCell::Kind) const
-    {
-        visit(cell);
-        return IterationStatus::Continue;
-    }
-};
-
-void Heap::zombifyDeadObjects()
-{
-    // Sweep now because destructors will crash once we're zombified.
-    m_objectSpace.sweep();
-    HeapIterationScope iterationScope(*this);
-    m_objectSpace.forEachDeadCell(iterationScope, Zombify());
-}
-
 bool Heap::shouldDoFullCollection(std::optional<CollectionScope> scope) const
 {
     if (!Options::useGenerationalGC())

Modified: branches/safari-603-branch/Source/_javascript_Core/heap/Heap.h (214518 => 214519)


--- branches/safari-603-branch/Source/_javascript_Core/heap/Heap.h	2017-03-29 03:28:15 UTC (rev 214518)
+++ branches/safari-603-branch/Source/_javascript_Core/heap/Heap.h	2017-03-29 03:28:18 UTC (rev 214519)
@@ -85,8 +85,6 @@
 class Worklist;
 }
 
-static void* const zombifiedBits = reinterpret_cast<void*>(static_cast<uintptr_t>(0xdeadbeef));
-
 typedef HashCountedSet<JSCell*> ProtectCountSet;
 typedef HashCountedSet<const char*> TypeCountSet;
 
@@ -167,6 +165,7 @@
 
     JS_EXPORT_PRIVATE void collectAllGarbageIfNotDoneRecently();
     JS_EXPORT_PRIVATE void collectAllGarbage();
+    JS_EXPORT_PRIVATE void sweepSynchronously();
 
     bool shouldCollectHeuristic();
     
@@ -259,8 +258,6 @@
     template<typename T> void releaseSoon(RetainPtr<T>&&);
 #endif
 
-    static bool isZombified(JSCell* cell) { return *(void**)cell == zombifiedBits; }
-
     JS_EXPORT_PRIVATE void registerWeakGCMap(void* weakGCMap, std::function<void()> pruningCallback);
     JS_EXPORT_PRIVATE void unregisterWeakGCMap(void* weakGCMap);
 
@@ -448,7 +445,6 @@
     void updateAllocationLimits();
     void didFinishCollection(double gcStartTime);
     void resumeCompilerThreads();
-    void zombifyDeadObjects();
     void gatherExtraHeapSnapshotData(HeapProfiler&);
     void removeDeadHeapSnapshotNodes(HeapProfiler&);
     void finalize();

Modified: branches/safari-603-branch/Source/_javascript_Core/runtime/Options.cpp (214518 => 214519)


--- branches/safari-603-branch/Source/_javascript_Core/runtime/Options.cpp	2017-03-29 03:28:15 UTC (rev 214518)
+++ branches/safari-603-branch/Source/_javascript_Core/runtime/Options.cpp	2017-03-29 03:28:18 UTC (rev 214519)
@@ -446,6 +446,12 @@
     else
         fastSetMaxSingleAllocationSize(std::numeric_limits<size_t>::max());
 #endif
+
+    if (Options::useZombieMode()) {
+        Options::sweepSynchronously() = true;
+        Options::scribbleFreeCells() = true;
+    }
+
     if (Options::useSigillCrashAnalyzer())
         enableSigillCrashAnalyzer();
 }

Modified: branches/safari-603-branch/Source/_javascript_Core/runtime/Options.h (214518 => 214519)


--- branches/safari-603-branch/Source/_javascript_Core/runtime/Options.h	2017-03-29 03:28:15 UTC (rev 214518)
+++ branches/safari-603-branch/Source/_javascript_Core/runtime/Options.h	2017-03-29 03:28:18 UTC (rev 214519)
@@ -339,8 +339,9 @@
     v(bool, forceWeakRandomSeed, false, Normal, nullptr) \
     v(unsigned, forcedWeakRandomSeed, 0, Normal, nullptr) \
     \
-    v(bool, useZombieMode, false, Normal, "debugging option to scribble over dead objects with 0xdeadbeef") \
+    v(bool, useZombieMode, false, Normal, "debugging option to scribble over dead objects with 0xbadbeef0") \
     v(bool, useImmortalObjects, false, Normal, "debugging option to keep all objects alive forever") \
+    v(bool, sweepSynchronously, false, Normal, "debugging option to sweep all dead objects synchronously at GC end before resuming mutator") \
     v(bool, dumpObjectStatistics, false, Normal, nullptr) \
     v(unsigned, maxSingleAllocationSize, 0, Configurable, "debugging option to limit individual allocations to a max size (0 = limit not set, N = limit size in bytes)") \
     \

_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes