Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: bebb1488bc66c7d4a4b5b2837a3e8e163659b623
https://github.com/WebKit/WebKit/commit/bebb1488bc66c7d4a4b5b2837a3e8e163659b623
Author: Yusuke Suzuki <[email protected]>
Date: 2023-11-27 (Mon, 27 Nov 2023)
Changed paths:
M Source/JavaScriptCore/bytecode/CodeBlock.cpp
M Source/JavaScriptCore/bytecode/CodeBlockJettisoningWatchpoint.cpp
M Source/JavaScriptCore/bytecode/CodeBlockJettisoningWatchpoint.h
M Source/JavaScriptCore/bytecode/InlineCacheCompiler.cpp
M Source/JavaScriptCore/bytecode/MetadataTable.cpp
M Source/JavaScriptCore/bytecode/MetadataTable.h
M Source/JavaScriptCore/bytecode/UnlinkedCodeBlock.cpp
M Source/JavaScriptCore/bytecode/UnlinkedCodeBlock.h
M Source/JavaScriptCore/bytecode/UnlinkedMetadataTable.h
M Source/JavaScriptCore/heap/CodeBlockSet.cpp
M Source/JavaScriptCore/heap/CodeBlockSet.h
M Source/JavaScriptCore/heap/Heap.cpp
M Source/JavaScriptCore/heap/Heap.h
M Source/JavaScriptCore/heap/JITStubRoutineSet.cpp
M Source/JavaScriptCore/heap/JITStubRoutineSet.h
M Source/JavaScriptCore/jit/GCAwareJITStubRoutine.cpp
M Source/JavaScriptCore/jit/GCAwareJITStubRoutine.h
M Source/JavaScriptCore/jit/PolymorphicCallStubRoutine.cpp
M Source/JavaScriptCore/jit/PolymorphicCallStubRoutine.h
M Source/JavaScriptCore/runtime/CachedTypes.cpp
Log Message:
-----------
[JSC] Make CodeBlock destruction lazy
https://bugs.webkit.org/show_bug.cgi?id=265361
rdar://118818460
Reviewed by Mark Lam.
This patch makes CodeBlock destruction lazy.

1. CodeBlockSet relied on the fact that CodeBlock's destructor is called as soon as it becomes dead. We now wipe dead CodeBlocks instead in CodeBlockSet::clearCurrentlyExecutingAndRemoveDeadCodeBlocks.

2. There is a possibility for JITStubRoutine that (1) the CodeBlock is now dead but its destructor has not been called, (2) the JITStubRoutine was not executed, but (3) because of conservativeness, it was once determined to be non-executed but is now conservatively seen as executed. In this case, we may mark already dead cells and cause problems. In this patch, GCAwareJITStubRoutine now has an owner cell (we already had this concept), and we maintain the liveness information of this owner cell. As a result, we can know whether this JITStubRoutine is dead or not based on this owner cell's liveness and avoid the above race conditions.

3. CodeBlockJettisoningWatchpoint should check whether the CodeBlock is still alive (via isLive), since it is possible that the CodeBlock is dead now but its destructor has not been called yet. This is well aligned with the other Watchpoints.

4. The CodeBlock destructor should not touch UnlinkedCodeBlock since it may already be dead at this point. Previously this was OK since we always swept CodeBlocks before UnlinkedCodeBlocks, but now this is not guaranteed. The only usage is didOptimize bit propagation, so we put this in UnlinkedMetadataTable instead. We may miss this propagation when the MetadataTable is empty, but this is very rare and happens only for very small functions, so it does not matter for real-world code.
* Source/JavaScriptCore/bytecode/CodeBlock.cpp:
(JSC::CodeBlock::~CodeBlock):
* Source/JavaScriptCore/bytecode/CodeBlockJettisoningWatchpoint.cpp:
(JSC::CodeBlockJettisoningWatchpoint::fireInternal):
* Source/JavaScriptCore/bytecode/CodeBlockJettisoningWatchpoint.h:
* Source/JavaScriptCore/bytecode/InlineCacheCompiler.cpp:
(JSC::InlineCacheCompiler::regenerate):
* Source/JavaScriptCore/bytecode/MetadataTable.cpp:
(JSC::MetadataTable::sizeInBytesForGC):
* Source/JavaScriptCore/bytecode/MetadataTable.h:
(JSC::MetadataTable::forEachValueProfile):
(JSC::MetadataTable::valueProfileForOffset):
(JSC::MetadataTable::unlinkedMetadata const):
(JSC::MetadataTable::totalSize const):
* Source/JavaScriptCore/bytecode/UnlinkedCodeBlock.cpp:
(JSC::UnlinkedCodeBlock::UnlinkedCodeBlock):
* Source/JavaScriptCore/bytecode/UnlinkedCodeBlock.h:
(JSC::UnlinkedCodeBlock::didOptimize const):
(JSC::UnlinkedCodeBlock::setDidOptimize):
* Source/JavaScriptCore/bytecode/UnlinkedMetadataTable.h:
(JSC::UnlinkedMetadataTable::didOptimize const):
(JSC::UnlinkedMetadataTable::setDidOptimize):
* Source/JavaScriptCore/heap/CodeBlockSet.cpp:
(JSC::CodeBlockSet::clearCurrentlyExecutingAndRemoveDeadCodeBlocks):
(JSC::CodeBlockSet::clearCurrentlyExecuting): Deleted.
* Source/JavaScriptCore/heap/CodeBlockSet.h:
* Source/JavaScriptCore/heap/Heap.cpp:
(JSC::Heap::deleteUnmarkedCompiledCode):
(JSC::Heap::runEndPhase):
(JSC::Heap::finalize):
* Source/JavaScriptCore/heap/JITStubRoutineSet.cpp:
(JSC::JITStubRoutineSet::~JITStubRoutineSet):
(JSC::JITStubRoutineSet::deleteUnmarkedJettisonedStubRoutines):
* Source/JavaScriptCore/heap/JITStubRoutineSet.h:
(JSC::JITStubRoutineSet::deleteUnmarkedJettisonedStubRoutines):
* Source/JavaScriptCore/jit/GCAwareJITStubRoutine.cpp:
(JSC::GCAwareJITStubRoutine::GCAwareJITStubRoutine):
(JSC::PolymorphicAccessJITStubRoutine::PolymorphicAccessJITStubRoutine):
(JSC::MarkingGCAwareJITStubRoutine::MarkingGCAwareJITStubRoutine):
(JSC::GCAwareJITStubRoutineWithExceptionHandler::GCAwareJITStubRoutineWithExceptionHandler):
(JSC::createICJITStubRoutine):
* Source/JavaScriptCore/jit/GCAwareJITStubRoutine.h:
(JSC::GCAwareJITStubRoutine::create):
(JSC::GCAwareJITStubRoutine::owner const):
* Source/JavaScriptCore/jit/PolymorphicCallStubRoutine.cpp:
(JSC::PolymorphicCallStubRoutine::PolymorphicCallStubRoutine):
* Source/JavaScriptCore/jit/PolymorphicCallStubRoutine.h:
* Source/JavaScriptCore/runtime/CachedTypes.cpp:
(JSC::UnlinkedCodeBlock::UnlinkedCodeBlock):
Canonical link: https://commits.webkit.org/271184@main
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
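The hazard described in points 2 and 3 of the commit message, as a toy model added here for illustration; it is not WebKit/JSC code. Cell, StubRoutine, ToyHeap, watchpointTouches and runScenario are hypothetical stand-ins, and the model assumes that a lazily destructed cell is reclaimed exactly one collection after it is declared dead, that ordinary cells are reclaimed in the same collection, and that marking through a stub routine happens only when the conservative scan reports it executing. The `fix` flag switches between the pre-patch behaviour (routines are jettisoned only by the owner's destructor; watchpoints fire unconditionally) and the patch's rule (consult the owner cell's liveness).

```cpp
#include <vector>

// Hypothetical heap cell (not JSC's JSCell): a mark bit, a "declared dead"
// flag set by the sweep, and a "storage reclaimed" flag. A cell with lazy
// destruction (the CodeBlock here) is reclaimed one collection after it dies.
struct Cell {
    bool lazyDestruction = false;
    bool marked = false;
    bool live = true;        // false once a sweep has declared the cell dead
    bool destroyed = false;  // true once the destructor has run
};

// Stand-in for GCAwareJITStubRoutine: it keeps the cells its generated code
// references alive only while the conservative stack scan reports it executing.
struct StubRoutine {
    Cell* owner;                    // the owning CodeBlock (the patch's owner cell)
    std::vector<Cell*> referenced;  // cells the generated code points at
    bool seenExecuting = false;     // result of the conservative scan
    bool deleted = false;
};

struct ToyHeap {
    std::vector<Cell*> cells;
    std::vector<StubRoutine*> routines;
    bool checkOwnerLiveness;        // with the patch: consult the owner cell
    int marksOfDestroyedCells = 0;  // each one is a use-after-free in a real heap

    explicit ToyHeap(bool fix) : checkOwnerLiveness(fix) {}

    void mark(Cell* c) {
        if (c->destroyed) ++marksOfDestroyedCells;
        c->marked = true;
    }

    void collect(const std::vector<Cell*>& roots) {
        for (Cell* c : cells) c->marked = false;
        for (Cell* r : roots) mark(r);
        // Mark through routines the conservative scan reports as executing.
        for (StubRoutine* s : routines) {
            if (s->deleted || !s->seenExecuting) continue;
            if (checkOwnerLiveness && !s->owner->live) continue;  // owner dead: skip
            for (Cell* c : s->referenced) mark(c);
        }
        // Sweep: unmarked cells are declared dead. Ordinary cells are reclaimed
        // now; a lazily destructed cell is reclaimed on the next collection.
        for (Cell* c : cells) {
            if (c->marked) continue;
            if (c->live) c->live = false;
            else if (c->lazyDestruction) c->destroyed = true;
            if (!c->lazyDestruction) c->destroyed = true;
        }
        // Before the patch only the owner's destructor jettisons a routine; with
        // the patch the owner's death suffices, so the routine cannot linger.
        for (StubRoutine* s : routines) {
            if (s->owner->destroyed || (checkOwnerLiveness && !s->owner->live))
                s->deleted = true;
        }
    }
};

// Stand-in for a jettisoning watchpoint (point 3): with the patch it returns
// without touching a CodeBlock that is dead but not yet destructed.
// Returns true when it would have touched the block.
bool watchpointTouches(const Cell& codeBlock, bool fix) {
    if (fix && !codeBlock.live) return false;
    return true;
}

struct Outcome {
    int marksOfDestroyedCells;
    bool routineDeletedAfterFirstCollection;
    bool watchpointTouchedDeadBlock;
    bool targetResurrected;
};

// Scenario from point 2: the owning CodeBlock dies in collection 1 while its
// routine is idle; before collection 2 the conservative scan misreports the
// routine as executing, and a watchpoint fires on the dead CodeBlock.
Outcome runScenario(bool fix) {
    Cell codeBlock;
    codeBlock.lazyDestruction = true;
    Cell target;  // e.g. a Structure referenced only from the stub's code
    StubRoutine stub{ &codeBlock, { &target } };
    ToyHeap heap(fix);
    heap.cells = { &codeBlock, &target };
    heap.routines = { &stub };

    heap.collect({});  // collection 1: nothing is rooted, stub idle
    Outcome out{};
    out.routineDeletedAfterFirstCollection = stub.deleted;
    out.watchpointTouchedDeadBlock = watchpointTouches(codeBlock, fix);
    stub.seenExecuting = true;  // conservative false positive
    heap.collect({});  // collection 2
    out.marksOfDestroyedCells = heap.marksOfDestroyedCells;
    out.targetResurrected = target.marked;
    return out;
}
```

Without the owner check, `runScenario(false)` marks a cell whose storage was already reclaimed (a use-after-free in a real heap) and resurrects it, and the watchpoint acts on a CodeBlock that is dead but not yet destructed; with `runScenario(true)` the routine is deleted as soon as its owner is declared dead and neither the mark nor the watchpoint touches dead memory.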