[webkit-changes] [277850] trunk

Thu, 20 May 2021 23:36:03 -0700

Title: [277850] trunk
Revision
277850
Author
[email protected]
Date
2021-05-20 23:35:06 -0700 (Thu, 20 May 2021)

Log Message

[ Catalina Release JSC] A large number of JSC test appear to be flaky failing
https://bugs.webkit.org/show_bug.cgi?id=225998
<rdar://problem/78235001>

Reviewed by Yusuke Suzuki.

JSTests:

* stress/dont-link-virtual-calls-on-compiler-thread.js: Added.

Source/_javascript_Core:

This patch is fixing some fallout from moving JIT::link() to a background
thread:
1. We can't shrink the CodeBlock's constant pool on a background thread
since we read from it without grabbing a lock on the main thread (when
reading things off the stack in slow path calls).
2. We can't create GCAwareJITStubRoutines on the compilation thread, since
creating a GCAwareJITStubRoutines adds to a global hash table inside Heap. This
means that we have to do that step of emitting virtual calls for eval when
we're finalizing code on the main thread.

This patch also makes it so that a baseline JIT compilation thread is
correctly marked as such.

* heap/JITStubRoutineSet.cpp:
(JSC::JITStubRoutineSet::add):
* jit/AssemblyHelpers.cpp:
(JSC::AssemblyHelpers::emitUnlinkedVirtualCall):
(JSC::AssemblyHelpers::emitVirtualCall):
* jit/AssemblyHelpers.h:
* jit/JIT.cpp:
(JSC::JIT::link):
(JSC::JIT::finalizeOnMainThread):
* jit/JIT.h:
* jit/JITCall.cpp:
(JSC::JIT::compileCallEvalSlowCase):
* jit/JITCall32_64.cpp:
(JSC::JIT::compileCallEvalSlowCase):
* jit/JITWorklist.cpp:

Modified Paths

Added Paths

Diff

Modified: trunk/JSTests/ChangeLog (277849 => 277850)


--- trunk/JSTests/ChangeLog	2021-05-21 04:14:55 UTC (rev 277849)
+++ trunk/JSTests/ChangeLog	2021-05-21 06:35:06 UTC (rev 277850)
@@ -1,3 +1,13 @@
+2021-05-20  Saam Barati  <[email protected]>
+
+        [ Catalina Release JSC] A large number of JSC test appear to be flaky failing
+        https://bugs.webkit.org/show_bug.cgi?id=225998
+        <rdar://problem/78235001>
+
+        Reviewed by Yusuke Suzuki.
+
+        * stress/dont-link-virtual-calls-on-compiler-thread.js: Added.
+
 2021-05-19  Robin Morisset  <[email protected]>
 
         Fix typo in AirUseCounts

Added: trunk/JSTests/stress/dont-link-virtual-calls-on-compiler-thread.js (0 => 277850)


--- trunk/JSTests/stress/dont-link-virtual-calls-on-compiler-thread.js	                        (rev 0)
+++ trunk/JSTests/stress/dont-link-virtual-calls-on-compiler-thread.js	2021-05-21 06:35:06 UTC (rev 277850)
@@ -0,0 +1,10 @@
+//@ skip if $architecture != "arm64" and $architecture != "x86-64"
+
+let s = `
+for (let i = 0; i < 10000; i++) {
+  eval?.('eval("function f() {}");');
+}
+`;
+
+for (let i = 0; i < 5; ++i)
+    runString(s);

Modified: trunk/Source/_javascript_Core/ChangeLog (277849 => 277850)


--- trunk/Source/_javascript_Core/ChangeLog	2021-05-21 04:14:55 UTC (rev 277849)
+++ trunk/Source/_javascript_Core/ChangeLog	2021-05-21 06:35:06 UTC (rev 277850)
@@ -1,5 +1,42 @@
 2021-05-20  Saam Barati  <[email protected]>
 
+        [ Catalina Release JSC] A large number of JSC test appear to be flaky failing
+        https://bugs.webkit.org/show_bug.cgi?id=225998
+        <rdar://problem/78235001>
+
+        Reviewed by Yusuke Suzuki.
+
+        This patch is fixing some fallout from moving JIT::link() to a background
+        thread:
+        1. We can't shrink the CodeBlock's constant pool on a background thread
+        since we read from it without grabbing a lock on the main thread (when
+        reading things off the stack in slow path calls).
+        2. We can't create GCAwareJITStubRoutines on the compilation thread, since
+        creating a GCAwareJITStubRoutines adds to a global hash table inside Heap. This
+        means that we have to do that step of emitting virtual calls for eval when
+        we're finalizing code on the main thread.
+        
+        This patch also makes it so that a baseline JIT compilation thread is
+        correctly marked as such.
+
+        * heap/JITStubRoutineSet.cpp:
+        (JSC::JITStubRoutineSet::add):
+        * jit/AssemblyHelpers.cpp:
+        (JSC::AssemblyHelpers::emitUnlinkedVirtualCall):
+        (JSC::AssemblyHelpers::emitVirtualCall):
+        * jit/AssemblyHelpers.h:
+        * jit/JIT.cpp:
+        (JSC::JIT::link):
+        (JSC::JIT::finalizeOnMainThread):
+        * jit/JIT.h:
+        * jit/JITCall.cpp:
+        (JSC::JIT::compileCallEvalSlowCase):
+        * jit/JITCall32_64.cpp:
+        (JSC::JIT::compileCallEvalSlowCase):
+        * jit/JITWorklist.cpp:
+
+2021-05-20  Saam Barati  <[email protected]>
+
         Make polymorphic calls play nice with Data Call ICs
         https://bugs.webkit.org/show_bug.cgi?id=225793

Modified: trunk/Source/_javascript_Core/assembler/LinkBuffer.cpp (277849 => 277850)


--- trunk/Source/_javascript_Core/assembler/LinkBuffer.cpp	2021-05-21 04:14:55 UTC (rev 277849)
+++ trunk/Source/_javascript_Core/assembler/LinkBuffer.cpp	2021-05-21 06:35:06 UTC (rev 277850)
@@ -476,7 +476,6 @@
         task->run(*this);
 
 #ifndef NDEBUG
-    ASSERT(m_isJumpIsland || !isCompilationThread());
     ASSERT(!m_completed);
     ASSERT(isValid());
     m_completed = true;

Modified: trunk/Source/_javascript_Core/heap/JITStubRoutineSet.cpp (277849 => 277850)


--- trunk/Source/_javascript_Core/heap/JITStubRoutineSet.cpp	2021-05-21 04:14:55 UTC (rev 277849)
+++ trunk/Source/_javascript_Core/heap/JITStubRoutineSet.cpp	2021-05-21 06:35:06 UTC (rev 277850)
@@ -57,6 +57,7 @@
 
 void JITStubRoutineSet::add(GCAwareJITStubRoutine* routine)
 {
+    RELEASE_ASSERT(!isCompilationThread());
     ASSERT(!routine->m_isJettisoned);
     
     m_routines.append(Routine {

Modified: trunk/Source/_javascript_Core/jit/AssemblyHelpers.cpp (277849 => 277850)


--- trunk/Source/_javascript_Core/jit/AssemblyHelpers.cpp	2021-05-21 04:14:55 UTC (rev 277849)
+++ trunk/Source/_javascript_Core/jit/AssemblyHelpers.cpp	2021-05-21 06:35:06 UTC (rev 277850)
@@ -643,11 +643,16 @@
 #endif
 }
 
-void AssemblyHelpers::emitVirtualCall(VM& vm, JSGlobalObject* globalObject, CallLinkInfo* info)
+AssemblyHelpers::Call AssemblyHelpers::emitUnlinkedVirtualCall(JSGlobalObject* globalObject, CallLinkInfo* info)
 {
     move(TrustedImmPtr(info), GPRInfo::regT2);
     move(TrustedImmPtr(globalObject), GPRInfo::regT3);
-    Call call = nearCall();
+    return nearCall();
+}
+
+void AssemblyHelpers::emitVirtualCall(VM& vm, JSGlobalObject* globalObject, CallLinkInfo* info)
+{
+    Call call = emitUnlinkedVirtualCall(globalObject, info);
     addLinkTask(
         [=, &vm] (LinkBuffer& linkBuffer) {
             MacroAssemblerCodeRef<JITStubRoutinePtrTag> virtualThunk = virtualThunkFor(vm, *info);

Modified: trunk/Source/_javascript_Core/jit/AssemblyHelpers.h (277849 => 277850)


--- trunk/Source/_javascript_Core/jit/AssemblyHelpers.h	2021-05-21 04:14:55 UTC (rev 277849)
+++ trunk/Source/_javascript_Core/jit/AssemblyHelpers.h	2021-05-21 06:35:06 UTC (rev 277850)
@@ -1828,6 +1828,7 @@
         functor(TypeofType::Undefined, true);
     }
     
+    Call emitUnlinkedVirtualCall(JSGlobalObject*, CallLinkInfo*);
     void emitVirtualCall(VM&, JSGlobalObject*, CallLinkInfo*);
     
     void makeSpaceOnStackForCCall();

Modified: trunk/Source/_javascript_Core/jit/JIT.cpp (277849 => 277850)


--- trunk/Source/_javascript_Core/jit/JIT.cpp	2021-05-21 04:14:55 UTC (rev 277849)
+++ trunk/Source/_javascript_Core/jit/JIT.cpp	2021-05-21 06:35:06 UTC (rev 277850)
@@ -977,11 +977,6 @@
         patchBuffer, JSEntryPtrTag,
         "Baseline JIT code for %s", toCString(CodeBlockWithJITType(m_codeBlock, JITType::BaselineJIT)).data());
     
-    {
-        ConcurrentJSLocker locker(m_codeBlock->m_lock);
-        m_codeBlock->shrinkToFit(locker, CodeBlock::ShrinkMode::LateShrink);
-    }
-
     MacroAssemblerCodePtr<JSEntryPtrTag> withArityCheck = patchBuffer.locationOf<JSEntryPtrTag>(m_arityCheck);
     m_jitCode = adoptRef(*new DirectJITCode(result, withArityCheck, JITType::BaselineJIT));
 
@@ -996,6 +991,20 @@
     if (!m_jitCode)
         return CompilationFailed;
 
+    for (auto pair : m_virtualCalls) {
+        auto callLocation = m_linkBuffer->locationOfNearCall<JITThunkPtrTag>(pair.first);
+
+        CallLinkInfo& info = pair.second;
+        MacroAssemblerCodeRef<JITStubRoutinePtrTag> virtualThunk = virtualThunkFor(*m_vm, info);
+        info.setSlowStub(GCAwareJITStubRoutine::create(virtualThunk, *m_vm));
+        MacroAssembler::repatchNearCall(callLocation, CodeLocationLabel<JITStubRoutinePtrTag>(virtualThunk.code()));
+    }
+
+    {
+        ConcurrentJSLocker locker(m_codeBlock->m_lock);
+        m_codeBlock->shrinkToFit(locker, CodeBlock::ShrinkMode::LateShrink);
+    }
+
     for (size_t i = 0; i < m_codeBlock->numberOfExceptionHandlers(); ++i) {
         HandlerInfo& handler = m_codeBlock->exceptionHandler(i);
         // FIXME: <rdar://problem/39433318>.

Modified: trunk/Source/_javascript_Core/jit/JIT.h (277849 => 277850)


--- trunk/Source/_javascript_Core/jit/JIT.h	2021-05-21 04:14:55 UTC (rev 277849)
+++ trunk/Source/_javascript_Core/jit/JIT.h	2021-05-21 06:35:06 UTC (rev 277850)
@@ -1056,6 +1056,8 @@
         BytecodeIndex m_loopOSREntryBytecodeIndex;
 
         RefPtr<DirectJITCode> m_jitCode;
+
+        Vector<std::pair<Call, CallLinkInfo&>> m_virtualCalls;
     };
 
 } // namespace JSC

Modified: trunk/Source/_javascript_Core/jit/JITCall.cpp (277849 => 277850)


--- trunk/Source/_javascript_Core/jit/JITCall.cpp	2021-05-21 04:14:55 UTC (rev 277849)
+++ trunk/Source/_javascript_Core/jit/JITCall.cpp	2021-05-21 06:35:06 UTC (rev 277850)
@@ -156,7 +156,7 @@
     addPtr(TrustedImm32(registerOffset * sizeof(Register) + sizeof(CallerFrameAndPC)), callFrameRegister, stackPointerRegister);
 
     load64(Address(stackPointerRegister, sizeof(Register) * CallFrameSlot::callee - sizeof(CallerFrameAndPC)), regT0);
-    emitVirtualCall(vm(), m_codeBlock->globalObject(), info);
+    m_virtualCalls.append(std::pair<Call, CallLinkInfo&> { emitUnlinkedVirtualCall(m_codeBlock->globalObject(), info), *info });
     addPtr(TrustedImm32(stackPointerOffsetFor(m_codeBlock) * sizeof(Register)), callFrameRegister, stackPointerRegister);
     checkStackPointerAlignment();

Modified: trunk/Source/_javascript_Core/jit/JITCall32_64.cpp (277849 => 277850)


--- trunk/Source/_javascript_Core/jit/JITCall32_64.cpp	2021-05-21 04:14:55 UTC (rev 277849)
+++ trunk/Source/_javascript_Core/jit/JITCall32_64.cpp	2021-05-21 06:35:06 UTC (rev 277850)
@@ -258,7 +258,7 @@
     addPtr(TrustedImm32(registerOffset * sizeof(Register) + sizeof(CallerFrameAndPC)), callFrameRegister, stackPointerRegister);
 
     emitLoad(callee, regT1, regT0);
-    emitVirtualCall(vm(), m_codeBlock->globalObject(), info);
+    m_virtualCalls.append(std::pair<Call, CallLinkInfo&> { emitUnlinkedVirtualCall(m_codeBlock->globalObject(), info), *info });
     addPtr(TrustedImm32(stackPointerOffsetFor(m_codeBlock) * sizeof(Register)), callFrameRegister, stackPointerRegister);
     checkStackPointerAlignment();

Modified: trunk/Source/_javascript_Core/jit/JITThunks.cpp (277849 => 277850)


--- trunk/Source/_javascript_Core/jit/JITThunks.cpp	2021-05-21 04:14:55 UTC (rev 277849)
+++ trunk/Source/_javascript_Core/jit/JITThunks.cpp	2021-05-21 06:35:06 UTC (rev 277850)
@@ -314,7 +314,15 @@
     INIT_BASELINE_SLOW_PATH_CALL_ROUTINE(create_async_generator);
     INIT_BASELINE_SLOW_PATH_CALL_ROUTINE(new_generator);
     INIT_BASELINE_SLOW_PATH_CALL_ROUTINE(pow);
+    INIT_BASELINE_SLOW_PATH_CALL_ROUTINE(mod);
 
+    ctiSlowPathFunctionStub(vm, iterator_open_try_fast_narrow);
+    ctiSlowPathFunctionStub(vm, iterator_open_try_fast_wide16);
+    ctiSlowPathFunctionStub(vm, iterator_open_try_fast_wide32);
+    ctiSlowPathFunctionStub(vm, iterator_next_try_fast_narrow);
+    ctiSlowPathFunctionStub(vm, iterator_next_try_fast_wide16);
+    ctiSlowPathFunctionStub(vm, iterator_next_try_fast_wide32);
+
     // From the BaselineJIT DEFINE_SLOWCASE_SLOW_OP list:
     INIT_BASELINE_SLOW_PATH_CALL_ROUTINE(unsigned);
     INIT_BASELINE_SLOW_PATH_CALL_ROUTINE(inc);
@@ -369,6 +377,9 @@
     ctiStub(vm, JIT::op_enter_handlerGenerator);
     ctiStub(vm, JIT::op_ret_handlerGenerator);
     ctiStub(vm, JIT::op_throw_handlerGenerator);
+
+    ctiStub(vm, linkCallThunkGenerator);
+    ctiStub(vm, arityFixupGenerator);
 }
 
 #endif // ENABLE(EXTRA_CTI_THUNKS)

Modified: trunk/Source/_javascript_Core/jit/JITWorklist.cpp (277849 => 277850)


--- trunk/Source/_javascript_Core/jit/JITWorklist.cpp	2021-05-21 04:14:55 UTC (rev 277849)
+++ trunk/Source/_javascript_Core/jit/JITWorklist.cpp	2021-05-21 06:35:06 UTC (rev 277850)
@@ -30,6 +30,7 @@
 
 #include "JIT.h"
 #include "VMInlines.h"
+#include <wtf/CompilationThread.h>
 
 namespace JSC {
 
@@ -148,8 +149,19 @@
         return WorkResult::Continue;
     }
 
+    void threadDidStart() final
+    {
+        m_compilationScope = makeUnique<CompilationScope>();
+    }
+    
+    void threadIsStopping(const AbstractLocker&) final
+    {
+        m_compilationScope = nullptr;
+    }
+
     JITWorklist& m_worklist;
     Plans m_myPlans;
+    std::unique_ptr<CompilationScope> m_compilationScope;
 };
 
 JITWorklist::JITWorklist()

_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes

Reply via email to