Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: e9ced931afc738c9413a26562ad2dd1d7fec4cd2
https://github.com/WebKit/WebKit/commit/e9ced931afc738c9413a26562ad2dd1d7fec4cd2
Author: Keith Miller <[email protected]>
Date: 2024-10-08 (Tue, 08 Oct 2024)
Changed paths:
M Source/JavaScriptCore/CMakeLists.txt
M Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj
M Source/JavaScriptCore/Sources.txt
M Source/JavaScriptCore/assembler/LinkBuffer.cpp
M Source/JavaScriptCore/bytecode/SuperSampler.cpp
M Source/JavaScriptCore/heap/ConservativeRoots.cpp
M Source/JavaScriptCore/heap/ConservativeRoots.h
M Source/JavaScriptCore/heap/Heap.cpp
M Source/JavaScriptCore/heap/Heap.h
M Source/JavaScriptCore/heap/HeapUtil.h
M Source/JavaScriptCore/interpreter/CallFrame.cpp
M Source/JavaScriptCore/interpreter/CalleeBits.h
M Source/JavaScriptCore/jit/AssemblyHelpers.h
M Source/JavaScriptCore/jit/ExecutableAllocator.cpp
M Source/JavaScriptCore/jit/ExecutableAllocator.h
M Source/JavaScriptCore/llint/LLIntSlowPaths.cpp
M Source/JavaScriptCore/llint/LLIntSlowPaths.h
M Source/JavaScriptCore/llint/WebAssembly.asm
M Source/JavaScriptCore/offlineasm/parser.rb
M Source/JavaScriptCore/runtime/NativeCallee.h
M Source/JavaScriptCore/runtime/Options.cpp
M Source/JavaScriptCore/runtime/OptionsList.h
M Source/JavaScriptCore/runtime/WeakGCMapInlines.h
M Source/JavaScriptCore/tools/VMInspector.h
M Source/JavaScriptCore/wasm/WasmBBQJIT.cpp
M Source/JavaScriptCore/wasm/WasmBBQJIT.h
M Source/JavaScriptCore/wasm/WasmBBQPlan.cpp
M Source/JavaScriptCore/wasm/WasmCallee.cpp
M Source/JavaScriptCore/wasm/WasmCallee.h
M Source/JavaScriptCore/wasm/WasmCalleeGroup.cpp
M Source/JavaScriptCore/wasm/WasmCalleeGroup.h
R Source/JavaScriptCore/wasm/WasmCallsiteCollection.cpp
R Source/JavaScriptCore/wasm/WasmCallsiteCollection.h
M Source/JavaScriptCore/wasm/WasmFormat.h
M Source/JavaScriptCore/wasm/WasmFunctionCodeBlockGenerator.h
M Source/JavaScriptCore/wasm/WasmFunctionIPIntMetadataGenerator.h
M Source/JavaScriptCore/wasm/WasmIPIntGenerator.cpp
M Source/JavaScriptCore/wasm/WasmIPIntSlowPaths.cpp
M Source/JavaScriptCore/wasm/WasmIPIntTierUpCounter.h
M Source/JavaScriptCore/wasm/WasmIndexOrName.cpp
M Source/JavaScriptCore/wasm/WasmIndexOrName.h
M Source/JavaScriptCore/wasm/WasmLLIntGenerator.cpp
M Source/JavaScriptCore/wasm/WasmLLIntTierUpCounter.cpp
M Source/JavaScriptCore/wasm/WasmLLIntTierUpCounter.h
M Source/JavaScriptCore/wasm/WasmModule.h
M Source/JavaScriptCore/wasm/WasmModuleInformation.h
M Source/JavaScriptCore/wasm/WasmOMGIRGenerator.cpp
M Source/JavaScriptCore/wasm/WasmOMGPlan.cpp
M Source/JavaScriptCore/wasm/WasmOSREntryData.h
M Source/JavaScriptCore/wasm/WasmOSREntryPlan.cpp
M Source/JavaScriptCore/wasm/WasmOperations.cpp
M Source/JavaScriptCore/wasm/WasmOperations.h
M Source/JavaScriptCore/wasm/WasmSlowPaths.cpp
M Source/JavaScriptCore/wasm/WasmSlowPaths.h
M Source/JavaScriptCore/wasm/WasmThunks.cpp
M Source/JavaScriptCore/wasm/WasmTierUpCount.cpp
M Source/JavaScriptCore/wasm/WasmTierUpCount.h
M Source/JavaScriptCore/wasm/js/JSToWasm.cpp
M Source/JavaScriptCore/wasm/js/JSToWasm.h
M Source/WTF/WTF.xcodeproj/project.pbxproj
M Source/WTF/wtf/CMakeLists.txt
M Source/WTF/wtf/FixedBitVector.h
M Source/WTF/wtf/HashSet.h
M Source/WTF/wtf/HashTable.h
M Source/WTF/wtf/Lock.h
A Source/WTF/wtf/ScopedPrintStream.h
A Source/WTF/wtf/TaggedPtr.h
M Source/WTF/wtf/ThreadSafeWeakPtr.h
M Tools/Scripts/run-jsc-stress-tests
Log Message:
-----------
GC Wasm BBQ/OMG-OSR code
https://bugs.webkit.org/show_bug.cgi?id=280896
rdar://131411963

Reviewed by Yusuke Suzuki and David Degazio.

This patch enables GCing BBQ/OMG-OSR code. We don't reclaim OMG code as it's the highest tier so there's nothing to replace it or LLInt/IPInt because LLInt is on its way out and it's not clear how profitable it will be to GC IPInt code.

To make this work a couple significant changes had to be made:

* NativeCallees are now ThreadSafeRefCountedAndCanMakeThreadSafeWeakPtr so CalleeGroup can retain weak references to them.
* When doing updateCallsitesToCallUs we get the callsites from Wasm::JITCallees directly rather than from anywhere else.
  In order to quickly find the potential callees we record a FixedBitVector of the FunctionCodeIndices that could have a direct asm callsite to us. This also makes CallsiteCollection obsolete thus is removed in this patch.
* CalleeGroup now holds ThreadSafeWeakOrStrongPtr to BBQCallees and a HashMap of ThreadSafeWeakPtrs to OSREntryCallees.
  When the BBQCallee is the current highest tier the BBQCallee is retained as a strong reference. Once OMG code is compiled that reference is made weak. This allows us to continue to update the outgoing calls of this callee while it is still reachable.
  If we didn't do this then we could fail to update the callsite and be left with a dangling "pointer" to other code that's already been collected.
* Once a Wasm::Callee is ready to be released we iterate all the VMs in the process and give them a copy of the Callee. If they don't see it on a stack scan it can be released as that VM isn't referencing it.
* ConservativeRoots now knows that it needs to also look for boxed Wasm::Callees on the stack. In order to avoid potentially regressing performance when not running wasm the stack scan is now templated on whether or not to look for boxed Wasm::Callees on the stack.

There are a few other additions in WTF:

* `HashMap::takeIf`: Returns a Vector of the things the Invocable returns true on.
* `TaggedPtr`: Which makes it easy to embed data into pointers. There are two tagging modes for now:
  1) `NoTaggingTraits`: Doesn't do tagging.
  2) `EnumTaggingTraits`: tags with the members of a specific enum.
* `ThreadSafeWeakOrStrongPtr`: Similar to WeakOrStrongPtr but for ThreadSafeRefCountedAndCanMakeThreadSafeWeakPtr.

* Source/JavaScriptCore/assembler/LinkBuffer.cpp:
(JSC::LinkBuffer::finalizeCodeWithDisassemblyImpl):
* Source/JavaScriptCore/bytecode/SuperSampler.cpp:
(JSC::initializeSuperSampler):
* Source/JavaScriptCore/heap/ConservativeRoots.cpp:
(JSC::ConservativeRoots::ConservativeRoots):
(JSC::ConservativeRoots::~ConservativeRoots):
(JSC::ConservativeRoots::genericAddPointer):
(JSC::ConservativeRoots::genericAddSpan):
* Source/JavaScriptCore/heap/ConservativeRoots.h:
* Source/JavaScriptCore/heap/Heap.cpp:
(JSC::Heap::addCoreConstraints):
(JSC::Heap::reportWasmCalleePendingDestruction):
(JSC::Heap::isWasmCalleePendingDestruction):
* Source/JavaScriptCore/heap/Heap.h:
* Source/JavaScriptCore/heap/HeapUtil.h:
(JSC::HeapUtil::findGCObjectPointersForMarking): Deleted.
* Source/JavaScriptCore/interpreter/CallFrame.cpp:
(JSC::CallFrame::dump const):
* Source/JavaScriptCore/interpreter/CalleeBits.h:
(JSC::CalleeBits::boxNativeCallee):
* Source/JavaScriptCore/jit/ExecutableAllocator.cpp:
(JSC::ExecutableMemoryHandle::~ExecutableMemoryHandle):
* Source/JavaScriptCore/llint/LLIntSlowPaths.cpp:
(JSC::LLInt::logWasmPrologue): Deleted.
* Source/JavaScriptCore/llint/LLIntSlowPaths.h:
* Source/JavaScriptCore/runtime/NativeCallee.h:
* Source/JavaScriptCore/runtime/Options.cpp:
(JSC::Options::isAvailable):
* Source/JavaScriptCore/runtime/OptionsList.h:
* Source/JavaScriptCore/runtime/WeakGCMapInlines.h:
(JSC::KeyTraitsArg>::pruneStaleEntries):
* Source/JavaScriptCore/tools/VMInspector.h:
(JSC::VMInspector::WTF_REQUIRES_LOCK):
* Source/JavaScriptCore/wasm/WasmBBQJIT.cpp:
(JSC::Wasm::BBQJITImpl::BBQJIT::BBQJIT):
(JSC::Wasm::BBQJITImpl::BBQJIT::emitEntryTierUpCheck):
(JSC::Wasm::BBQJITImpl::BBQJIT::addTopLevel):
(JSC::Wasm::BBQJITImpl::BBQJIT::emitTailCall):
(JSC::Wasm::BBQJITImpl::BBQJIT::addCall):
(JSC::Wasm::BBQJITImpl::BBQJIT::takeDirectCallees):
(JSC::Wasm::parseAndCompileBBQ):
* Source/JavaScriptCore/wasm/WasmBBQJIT.h:
* Source/JavaScriptCore/wasm/WasmBBQPlan.cpp:
(JSC::Wasm::BBQPlan::work):
(JSC::Wasm::BBQPlan::compileFunction):
* Source/JavaScriptCore/wasm/WasmCallee.cpp:
(JSC::Wasm::Callee::Callee):
(JSC::Wasm::Callee::reportToVMsForDestruction):
(JSC::Wasm::JSEntrypointCallee::JSEntrypointCallee):
* Source/JavaScriptCore/wasm/WasmCallee.h:
* Source/JavaScriptCore/wasm/WasmCalleeGroup.cpp:
(JSC::Wasm::CalleeGroup::CalleeGroup):
(JSC::Wasm::CalleeGroup::tryGetBBQCalleeForLoopOSR):
(JSC::Wasm::CalleeGroup::releaseBBQCallee):
(JSC::Wasm::CalleeGroup::updateCallsitesToCallUs):
(JSC::Wasm::CalleeGroup::reportCallees):
(JSC::Wasm::CalleeGroup::calleeIsReferenced const):
* Source/JavaScriptCore/wasm/WasmCalleeGroup.h:
* Source/JavaScriptCore/wasm/WasmCallsiteCollection.cpp:
(JSC::Wasm::CallsiteCollection::addCalleeGroupCallsites):
(JSC::Wasm::CallsiteCollection::updateCallsitesToCallUs):
* Source/JavaScriptCore/wasm/WasmCallsiteCollection.h:
* Source/JavaScriptCore/wasm/WasmFormat.h:
* Source/JavaScriptCore/wasm/WasmFunctionCodeBlockGenerator.h:
(JSC::Wasm::FunctionCodeBlockGenerator::takeCallees):
* Source/JavaScriptCore/wasm/WasmFunctionIPIntMetadataGenerator.h:
(JSC::Wasm::FunctionIPIntMetadataGenerator::takeCallees):
* Source/JavaScriptCore/wasm/WasmIPIntGenerator.cpp:
(JSC::Wasm::IPIntGenerator::IPIntGenerator):
(JSC::Wasm::IPIntGenerator::addCall):
* Source/JavaScriptCore/wasm/WasmIPIntSlowPaths.cpp:
(JSC::IPInt::jitCompileAndSetHeuristics):
(JSC::IPInt::WASM_IPINT_EXTERN_CPP_DECL):
* Source/JavaScriptCore/wasm/WasmIPIntTierUpCounter.h:
(JSC::Wasm::IPIntTierUpCounter::WTF_REQUIRES_LOCK):
(JSC::Wasm::IPIntTierUpCounter::compilationStatus): Deleted.
(JSC::Wasm::IPIntTierUpCounter::setCompilationStatus): Deleted.
(JSC::Wasm::IPIntTierUpCounter::loopCompilationStatus): Deleted.
(JSC::Wasm::IPIntTierUpCounter::setLoopCompilationStatus): Deleted.
* Source/JavaScriptCore/wasm/WasmIndexOrName.cpp:
(JSC::Wasm::IndexOrName::dump const):
* Source/JavaScriptCore/wasm/WasmIndexOrName.h:
* Source/JavaScriptCore/wasm/WasmLLIntGenerator.cpp:
(JSC::Wasm::LLIntGenerator::LLIntGenerator):
(JSC::Wasm::LLIntGenerator::addCall):
* Source/JavaScriptCore/wasm/WasmLLIntTierUpCounter.cpp:
(JSC::Wasm::LLIntTierUpCounter::reset):
(JSC::Wasm::LLIntTierUpCounter::addOSREntryDataForLoop): Deleted.
* Source/JavaScriptCore/wasm/WasmLLIntTierUpCounter.h:
(JSC::Wasm::LLIntTierUpCounter::WTF_REQUIRES_LOCK):
(JSC::Wasm::LLIntTierUpCounter::compilationStatus): Deleted.
(JSC::Wasm::LLIntTierUpCounter::setCompilationStatus): Deleted.
(JSC::Wasm::LLIntTierUpCounter::loopCompilationStatus): Deleted.
(JSC::Wasm::LLIntTierUpCounter::setLoopCompilationStatus): Deleted.
* Source/JavaScriptCore/wasm/WasmModule.h:
* Source/JavaScriptCore/wasm/WasmModuleInformation.h:
* Source/JavaScriptCore/wasm/WasmOMGIRGenerator.cpp:
(JSC::Wasm::OMGIRGenerator::OMGIRGenerator):
(JSC::Wasm::OMGIRGenerator::addCall):
(JSC::Wasm::parseAndCompileOMG):
* Source/JavaScriptCore/wasm/WasmOMGIRGenerator32_64.cpp:
(JSC::Wasm::parseAndCompileOMG):
* Source/JavaScriptCore/wasm/WasmOMGPlan.cpp:
(JSC::Wasm::OMGPlan::dumpDisassembly):
(JSC::Wasm::OMGPlan::work):
* Source/JavaScriptCore/wasm/WasmOSREntryData.h:
(JSC::Wasm::OSREntryData::OSREntryData):
(JSC::Wasm::OSREntryData::functionIndex const):
* Source/JavaScriptCore/wasm/WasmOSREntryPlan.cpp:
(JSC::Wasm::OSREntryPlan::dumpDisassembly):
(JSC::Wasm::OSREntryPlan::work):
* Source/JavaScriptCore/wasm/WasmOperations.cpp:
(JSC::Wasm::JSC_DEFINE_NOEXCEPT_JIT_OPERATION):
* Source/JavaScriptCore/wasm/WasmOperations.h:
* Source/JavaScriptCore/wasm/WasmSlowPaths.cpp:
(JSC::LLInt::jitCompileAndSetHeuristics):
(JSC::LLInt::WASM_SLOW_PATH_DECL):
(JSC::LLInt::logWasmPrologue):
* Source/JavaScriptCore/wasm/WasmSlowPaths.h:
* Source/JavaScriptCore/wasm/WasmThunks.cpp:
(JSC::Wasm::triggerOMGEntryTierUpThunkGeneratorImpl):
* Source/JavaScriptCore/wasm/WasmTierUpCount.cpp:
(JSC::Wasm::TierUpCount::addOSREntryData):
* Source/JavaScriptCore/wasm/WasmTierUpCount.h:
(JSC::Wasm::TierUpCount::optimizeAfterWarmUp):
(JSC::Wasm::TierUpCount::dontOptimizeAnytimeSoon):
(JSC::Wasm::TierUpCount::optimizeNextInvocation):
(JSC::Wasm::TierUpCount::optimizeSoon):
(JSC::Wasm::TierUpCount::setOptimizationThresholdBasedOnCompilationResult):
* Source/JavaScriptCore/wasm/WasmWorklist.cpp:
* Source/JavaScriptCore/wasm/js/JSToWasm.cpp:
(JSC::Wasm::FunctionSignature::jsToWasmICEntrypoint const):
* Source/JavaScriptCore/wasm/js/JSToWasm.h:
* Source/WTF/WTF.xcodeproj/project.pbxproj:
* Source/WTF/wtf/FixedBitVector.h:
(WTF::FixedBitVector::merge):
(WTF::FixedBitVector::filter):
(WTF::FixedBitVector::exclude):
* Source/WTF/wtf/HashSet.h:
* Source/WTF/wtf/HashTable.h:
(WTF::KeyTraits>::removeIf):
(WTF::KeyTraits>::takeIf):
* Source/WTF/wtf/Lock.h:
* Source/WTF/wtf/ScopedPrintStream.h: Copied from Source/JavaScriptCore/wasm/js/JSToWasm.h.
* Source/WTF/wtf/TaggedPtr.h: Added.
(WTF::TaggedPtr::TaggedPtr):
(WTF::TaggedPtr::tag const):
(WTF::TaggedPtr::ptr const):
(WTF::TaggedPtr::ptr):
(WTF::TaggedPtr::set):
(WTF::TaggedPtr::setTag):
(WTF::TaggedPtr::operator=):
(WTF::static_cast<Enum>):
(WTF::NoTaggingTraits::encode):
(WTF::NoTaggingTraits::extractPtr):
(WTF::NoTaggingTraits::extractTag):
* Source/WTF/wtf/ThreadSafeWeakPtr.h:
(WTF::ThreadSafeWeakPtrControlBlock::refCount const):
(WTF::ThreadSafeRefCountedAndCanMakeThreadSafeWeakPtr::refCount const):
(WTF::ThreadSafeWeakOrStrongPtr::status const):
(WTF::ThreadSafeWeakOrStrongPtr::isWeak const):
(WTF::ThreadSafeWeakOrStrongPtr::isStrong const):
(WTF::ThreadSafeWeakOrStrongPtr::get const):
(WTF::ThreadSafeWeakOrStrongPtr::ptr const):
(WTF::ThreadSafeWeakOrStrongPtr::convertToWeak):
(WTF::ThreadSafeWeakOrStrongPtr::tryConvertToStrong):
(WTF::ThreadSafeWeakOrStrongPtr::operator=):
(WTF::ThreadSafeWeakOrStrongPtr::ThreadSafeWeakOrStrongPtr):
(WTF::ThreadSafeWeakOrStrongPtr::~ThreadSafeWeakOrStrongPtr):
(WTF::ThreadSafeWeakPtr::ThreadSafeWeakPtr): Deleted.
(WTF::ThreadSafeWeakPtr::operator=): Deleted.
(WTF::ThreadSafeWeakPtr::get const): Deleted.
(WTF::ThreadSafeWeakPtr::controlBlock): Deleted.
* Tools/Scripts/run-jsc-stress-tests:
Canonical link: https://commits.webkit.org/284867@main
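
The release step described in the log message (a callee pending destruction is handed to every VM and freed only once no conservative stack scan finds it), as an added C++ model that is not WebKit code. The type names, the low-bit `box` tag and the word-equality scan are assumptions made for this sketch.

```cpp
// Added model, not JavaScriptCore code; every name here is hypothetical.
#include <cstdint>
#include <memory>
#include <unordered_set>
#include <utility>
#include <vector>

struct Callee { int functionIndex; };

// Assumed boxing for this sketch: set a low alignment bit of the pointer.
constexpr uintptr_t kBoxTag = 0x1;
uintptr_t box(const Callee* c) { return reinterpret_cast<uintptr_t>(c) | kBoxTag; }

struct VM {
    std::vector<uintptr_t> stack;              // machine words, scanned conservatively
    std::unordered_set<const Callee*> pending; // callees this VM may still reference
    // Keep a pending callee only if some stack word matches it, raw or boxed.
    void scanStack() {
        std::unordered_set<const Callee*> seen;
        for (uintptr_t word : stack) {
            auto* candidate = reinterpret_cast<const Callee*>(word & ~kBoxTag);
            if (pending.count(candidate)) seen.insert(candidate);
        }
        pending = std::move(seen);
    }
};

struct Process {
    std::vector<VM*> vms;
    std::vector<std::unique_ptr<Callee>> awaitingRelease;
    // Hand every VM a copy of the pointer before anything is freed.
    void reportForDestruction(std::unique_ptr<Callee> c) {
        for (VM* vm : vms) vm->pending.insert(c.get());
        awaitingRelease.push_back(std::move(c));
    }
    // Free only the callees that no VM still lists as pending.
    std::size_t sweep() {
        std::size_t freed = 0;
        for (auto it = awaitingRelease.begin(); it != awaitingRelease.end();) {
            bool referenced = false;
            for (VM* vm : vms) referenced = referenced || vm->pending.count(it->get());
            if (referenced) ++it;
            else { it = awaitingRelease.erase(it); ++freed; }
        }
        return freed;
    }
};
```

A sweep that runs before every VM has scanned frees nothing, because each VM still lists the callee as pending; freeing earlier is the use-after-free this ordering prevents.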