Diff
Modified: branches/safari-600.3-branch/Source/_javascript_Core/ChangeLog (177094 => 177095)
--- branches/safari-600.3-branch/Source/_javascript_Core/ChangeLog 2014-12-10 21:51:03 UTC (rev 177094)
+++ branches/safari-600.3-branch/Source/_javascript_Core/ChangeLog 2014-12-10 21:51:11 UTC (rev 177095)
@@ -1,5 +1,56 @@
2014-12-10 Matthew Hanson <matthew_han...@apple.com>
+ Merge r175593. <rdar://problem/19196762>
+
+ 2014-11-04 Mark Lam <mark....@apple.com>
+
+ Rename checkMarkByte() to jumpIfIsRememberedOrInEden().
+ <https://webkit.org/b/138369>
+
+ Reviewed by Geoffrey Garen.
+
+ Write barriers are needed for GC Eden collections so that we can scan pointers
+ pointing from old generation objects to eden generation objects. The barrier
+ currently checks the mark byte in a cell to see if we should skip adding the
+ cell to the GC remembered set. The addition should be skipped if:
+
+ 1. The cell is in the young generation. It has no old to eden pointers by
+ definition.
+ 2. The cell is already in the remembered set. While it is ok to add the cell
+ to the GC remembered set more than once, it would be redundant. Hence,
+ we skip this as an optimization to avoid doing unnecessary work.
+
+ The barrier currently names this check as checkMarkByte(). We should rename it
+ to jumpIfIsRememberedOrInEden() to be clearer about its intent.
+
+ Similarly, Jump results of this check are currently named
+ ownerNotMarkedOrAlreadyRemembered. This can be misinterpreted as the owner is
+ not marked or not already remembered. We should rename it to
+ ownerIsRememberedOrInEden which is clearer about the intent of the
+ check. What we are really checking for is that the cell is in the eden gen,
+ which is implied by it being "not marked".
+
+ * dfg/DFGOSRExitCompilerCommon.cpp:
+ (JSC::DFG::osrWriteBarrier):
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::writeBarrier):
+ * dfg/DFGSpeculativeJIT32_64.cpp:
+ (JSC::DFG::SpeculativeJIT::writeBarrier):
+ * dfg/DFGSpeculativeJIT64.cpp:
+ (JSC::DFG::SpeculativeJIT::writeBarrier):
+ * jit/AssemblyHelpers.h:
+ (JSC::AssemblyHelpers::jumpIfIsRememberedOrInEden):
+ (JSC::AssemblyHelpers::checkMarkByte): Deleted.
+ * jit/JITPropertyAccess.cpp:
+ (JSC::JIT::emitWriteBarrier):
+ * llint/LowLevelInterpreter.asm:
+ * llint/LowLevelInterpreter32_64.asm:
+ * llint/LowLevelInterpreter64.asm:
+ * runtime/JSCell.h:
+
+
+2014-12-10 Matthew Hanson <matthew_han...@apple.com>
+
Merge r175243. <rdar://problem/19196762>
2014-10-27 Mark Lam <mark....@apple.com>
Modified: branches/safari-600.3-branch/Source/_javascript_Core/dfg/DFGOSRExitCompilerCommon.cpp (177094 => 177095)
--- branches/safari-600.3-branch/Source/_javascript_Core/dfg/DFGOSRExitCompilerCommon.cpp 2014-12-10 21:51:03 UTC (rev 177094)
+++ branches/safari-600.3-branch/Source/_javascript_Core/dfg/DFGOSRExitCompilerCommon.cpp 2014-12-10 21:51:11 UTC (rev 177095)
@@ -177,7 +177,7 @@
#if ENABLE(GGC)
static void osrWriteBarrier(CCallHelpers& jit, GPRReg owner, GPRReg scratch)
{
- AssemblyHelpers::Jump ownerNotMarkedOrAlreadyRemembered = jit.checkMarkByte(owner);
+ AssemblyHelpers::Jump ownerIsRememberedOrInEden = jit.jumpIfIsRememberedOrInEden(owner);
// We need these extra slots because setupArgumentsWithExecState will use poke on x86.
#if CPU(X86)
@@ -192,7 +192,7 @@
jit.addPtr(MacroAssembler::TrustedImm32(sizeof(void*) * 3), MacroAssembler::stackPointerRegister);
#endif
- ownerNotMarkedOrAlreadyRemembered.link(&jit);
+ ownerIsRememberedOrInEden.link(&jit);
}
#endif // ENABLE(GGC)
Modified: branches/safari-600.3-branch/Source/_javascript_Core/dfg/DFGSpeculativeJIT.cpp (177094 => 177095)
--- branches/safari-600.3-branch/Source/_javascript_Core/dfg/DFGSpeculativeJIT.cpp 2014-12-10 21:51:03 UTC (rev 177094)
+++ branches/safari-600.3-branch/Source/_javascript_Core/dfg/DFGSpeculativeJIT.cpp 2014-12-10 21:51:11 UTC (rev 177095)
@@ -5440,16 +5440,16 @@
if (Heap::isMarked(value))
return;
- JITCompiler::Jump ownerNotMarkedOrAlreadyRemembered = m_jit.checkMarkByte(ownerGPR);
+ JITCompiler::Jump ownerIsRememberedOrInEden = m_jit.jumpIfIsRememberedOrInEden(ownerGPR);
storeToWriteBarrierBuffer(ownerGPR, scratch1, scratch2);
- ownerNotMarkedOrAlreadyRemembered.link(&m_jit);
+ ownerIsRememberedOrInEden.link(&m_jit);
}
void SpeculativeJIT::writeBarrier(GPRReg ownerGPR, GPRReg scratch1, GPRReg scratch2)
{
- JITCompiler::Jump ownerNotMarkedOrAlreadyRemembered = m_jit.checkMarkByte(ownerGPR);
+ JITCompiler::Jump ownerIsRememberedOrInEden = m_jit.jumpIfIsRememberedOrInEden(ownerGPR);
storeToWriteBarrierBuffer(ownerGPR, scratch1, scratch2);
- ownerNotMarkedOrAlreadyRemembered.link(&m_jit);
+ ownerIsRememberedOrInEden.link(&m_jit);
}
#else
void SpeculativeJIT::compileStoreBarrier(Node* node)
Modified: branches/safari-600.3-branch/Source/_javascript_Core/dfg/DFGSpeculativeJIT32_64.cpp (177094 => 177095)
--- branches/safari-600.3-branch/Source/_javascript_Core/dfg/DFGSpeculativeJIT32_64.cpp 2014-12-10 21:51:03 UTC (rev 177094)
+++ branches/safari-600.3-branch/Source/_javascript_Core/dfg/DFGSpeculativeJIT32_64.cpp 2014-12-10 21:51:11 UTC (rev 177095)
@@ -4657,9 +4657,9 @@
if (!isKnownCell(valueUse.node()))
isNotCell = m_jit.branch32(JITCompiler::NotEqual, valueTagGPR, JITCompiler::TrustedImm32(JSValue::CellTag));
- JITCompiler::Jump ownerNotMarkedOrAlreadyRemembered = m_jit.checkMarkByte(ownerGPR);
+ JITCompiler::Jump ownerIsRememberedOrInEden = m_jit.jumpIfIsRememberedOrInEden(ownerGPR);
storeToWriteBarrierBuffer(ownerGPR, scratch1, scratch2);
- ownerNotMarkedOrAlreadyRemembered.link(&m_jit);
+ ownerIsRememberedOrInEden.link(&m_jit);
if (!isKnownCell(valueUse.node()))
isNotCell.link(&m_jit);
@@ -4671,9 +4671,9 @@
if (!isKnownCell(valueUse.node()))
isNotCell = m_jit.branch32(JITCompiler::NotEqual, valueTagGPR, JITCompiler::TrustedImm32(JSValue::CellTag));
- JITCompiler::Jump ownerNotMarkedOrAlreadyRemembered = m_jit.checkMarkByte(owner);
+ JITCompiler::Jump ownerIsRememberedOrInEden = m_jit.jumpIfIsRememberedOrInEden(owner);
storeToWriteBarrierBuffer(owner, scratch1, scratch2);
- ownerNotMarkedOrAlreadyRemembered.link(&m_jit);
+ ownerIsRememberedOrInEden.link(&m_jit);
if (!isKnownCell(valueUse.node()))
isNotCell.link(&m_jit);
Modified: branches/safari-600.3-branch/Source/_javascript_Core/dfg/DFGSpeculativeJIT64.cpp (177094 => 177095)
--- branches/safari-600.3-branch/Source/_javascript_Core/dfg/DFGSpeculativeJIT64.cpp 2014-12-10 21:51:03 UTC (rev 177094)
+++ branches/safari-600.3-branch/Source/_javascript_Core/dfg/DFGSpeculativeJIT64.cpp 2014-12-10 21:51:11 UTC (rev 177095)
@@ -4784,9 +4784,9 @@
if (!isKnownCell(valueUse.node()))
isNotCell = branchNotCell(JSValueRegs(valueGPR));
- JITCompiler::Jump ownerNotMarkedOrAlreadyRemembered = m_jit.checkMarkByte(ownerGPR);
+ JITCompiler::Jump ownerIsRememberedOrInEden = m_jit.jumpIfIsRememberedOrInEden(ownerGPR);
storeToWriteBarrierBuffer(ownerGPR, scratch1, scratch2);
- ownerNotMarkedOrAlreadyRemembered.link(&m_jit);
+ ownerIsRememberedOrInEden.link(&m_jit);
if (!isKnownCell(valueUse.node()))
isNotCell.link(&m_jit);
@@ -4798,9 +4798,9 @@
if (!isKnownCell(valueUse.node()))
isNotCell = branchNotCell(JSValueRegs(valueGPR));
- JITCompiler::Jump ownerNotMarkedOrAlreadyRemembered = m_jit.checkMarkByte(owner);
+ JITCompiler::Jump ownerIsRememberedOrInEden = m_jit.jumpIfIsRememberedOrInEden(owner);
storeToWriteBarrierBuffer(owner, scratch1, scratch2);
- ownerNotMarkedOrAlreadyRemembered.link(&m_jit);
+ ownerIsRememberedOrInEden.link(&m_jit);
if (!isKnownCell(valueUse.node()))
isNotCell.link(&m_jit);
Modified: branches/safari-600.3-branch/Source/_javascript_Core/jit/AssemblyHelpers.h (177094 => 177095)
--- branches/safari-600.3-branch/Source/_javascript_Core/jit/AssemblyHelpers.h 2014-12-10 21:51:03 UTC (rev 177094)
+++ branches/safari-600.3-branch/Source/_javascript_Core/jit/AssemblyHelpers.h 2014-12-10 21:51:11 UTC (rev 177095)
@@ -626,12 +626,12 @@
static void emitStoreStructureWithTypeInfo(AssemblyHelpers& jit, TrustedImmPtr structure, RegisterID dest);
- Jump checkMarkByte(GPRReg cell)
+ Jump jumpIfIsRememberedOrInEden(GPRReg cell)
{
return branchTest8(MacroAssembler::NonZero, MacroAssembler::Address(cell, JSCell::gcDataOffset()));
}
- Jump checkMarkByte(JSCell* cell)
+ Jump jumpIfIsRememberedOrInEden(JSCell* cell)
{
uint8_t* address = reinterpret_cast<uint8_t*>(cell) + JSCell::gcDataOffset();
return branchTest8(MacroAssembler::NonZero, MacroAssembler::AbsoluteAddress(address));
Modified: branches/safari-600.3-branch/Source/_javascript_Core/jit/JITPropertyAccess.cpp (177094 => 177095)
--- branches/safari-600.3-branch/Source/_javascript_Core/jit/JITPropertyAccess.cpp 2014-12-10 21:51:03 UTC (rev 177094)
+++ branches/safari-600.3-branch/Source/_javascript_Core/jit/JITPropertyAccess.cpp 2014-12-10 21:51:11 UTC (rev 177095)
@@ -875,9 +875,9 @@
if (mode == ShouldFilterBaseAndValue || mode == ShouldFilterBase)
ownerNotCell = branchTest64(NonZero, regT0, tagMaskRegister);
- Jump ownerNotMarkedOrAlreadyRemembered = checkMarkByte(regT0);
+ Jump ownerIsRememberedOrInEden = jumpIfIsRememberedOrInEden(regT0);
callOperation(operationUnconditionalWriteBarrier, regT0);
- ownerNotMarkedOrAlreadyRemembered.link(this);
+ ownerIsRememberedOrInEden.link(this);
if (mode == ShouldFilterBaseAndValue || mode == ShouldFilterBase)
ownerNotCell.link(this);
@@ -925,9 +925,9 @@
if (mode == ShouldFilterBase || mode == ShouldFilterBaseAndValue)
ownerNotCell = branch32(NotEqual, regT0, TrustedImm32(JSValue::CellTag));
- Jump ownerNotMarkedOrAlreadyRemembered = checkMarkByte(regT1);
+ Jump ownerIsRememberedOrInEden = jumpIfIsRememberedOrInEden(regT1);
callOperation(operationUnconditionalWriteBarrier, regT1);
- ownerNotMarkedOrAlreadyRemembered.link(this);
+ ownerIsRememberedOrInEden.link(this);
if (mode == ShouldFilterBase || mode == ShouldFilterBaseAndValue)
ownerNotCell.link(this);
@@ -966,9 +966,9 @@
{
#if ENABLE(GGC)
if (!MarkedBlock::blockFor(owner)->isMarked(owner)) {
- Jump ownerNotMarkedOrAlreadyRemembered = checkMarkByte(owner);
+ Jump ownerIsRememberedOrInEden = jumpIfIsRememberedOrInEden(owner);
callOperation(operationUnconditionalWriteBarrier, owner);
- ownerNotMarkedOrAlreadyRemembered.link(this);
+ ownerIsRememberedOrInEden.link(this);
} else
callOperation(operationUnconditionalWriteBarrier, owner);
#else
Modified: branches/safari-600.3-branch/Source/_javascript_Core/llint/LowLevelInterpreter.asm (177094 => 177095)
--- branches/safari-600.3-branch/Source/_javascript_Core/llint/LowLevelInterpreter.asm 2014-12-10 21:51:03 UTC (rev 177094)
+++ branches/safari-600.3-branch/Source/_javascript_Core/llint/LowLevelInterpreter.asm 2014-12-10 21:51:11 UTC (rev 177095)
@@ -450,7 +450,7 @@
loadb JSCell::m_indexingType[cell], indexingType
end
-macro checkMarkByte(cell, scratch1, scratch2, continuation)
+macro skipIfIsRememberedOrInEden(cell, scratch1, scratch2, continuation)
loadb JSCell::m_gcData[cell], scratch1
continuation(scratch1)
end
Modified: branches/safari-600.3-branch/Source/_javascript_Core/llint/LowLevelInterpreter32_64.asm (177094 => 177095)
--- branches/safari-600.3-branch/Source/_javascript_Core/llint/LowLevelInterpreter32_64.asm 2014-12-10 21:51:03 UTC (rev 177094)
+++ branches/safari-600.3-branch/Source/_javascript_Core/llint/LowLevelInterpreter32_64.asm 2014-12-10 21:51:11 UTC (rev 177095)
@@ -544,7 +544,7 @@
if GGC
loadisFromInstruction(cellOperand, t1)
loadConstantOrVariablePayload(t1, CellTag, t2, .writeBarrierDone)
- checkMarkByte(t2, t1, t3,
+ skipIfIsRememberedOrInEden(t2, t1, t3,
macro(gcData)
btbnz gcData, .writeBarrierDone
push cfr, PC
@@ -578,7 +578,7 @@
loadp CodeBlock[cfr], t3
loadp CodeBlock::m_globalObject[t3], t3
- checkMarkByte(t3, t1, t2,
+ skipIfIsRememberedOrInEden(t3, t1, t2,
macro(gcData)
btbnz gcData, .writeBarrierDone
push cfr, PC
Modified: branches/safari-600.3-branch/Source/_javascript_Core/llint/LowLevelInterpreter64.asm (177094 => 177095)
--- branches/safari-600.3-branch/Source/_javascript_Core/llint/LowLevelInterpreter64.asm 2014-12-10 21:51:03 UTC (rev 177094)
+++ branches/safari-600.3-branch/Source/_javascript_Core/llint/LowLevelInterpreter64.asm 2014-12-10 21:51:11 UTC (rev 177095)
@@ -457,7 +457,7 @@
if GGC
loadisFromInstruction(cellOperand, t1)
loadConstantOrVariableCell(t1, t2, .writeBarrierDone)
- checkMarkByte(t2, t1, t3,
+ skipIfIsRememberedOrInEden(t2, t1, t3,
macro(gcData)
btbnz gcData, .writeBarrierDone
push PB, PC
@@ -488,7 +488,7 @@
loadp CodeBlock[cfr], t3
loadp CodeBlock::m_globalObject[t3], t3
- checkMarkByte(t3, t1, t2,
+ skipIfIsRememberedOrInEden(t3, t1, t2,
macro(gcData)
btbnz gcData, .writeBarrierDone
push PB, PC
Modified: branches/safari-600.3-branch/Source/_javascript_Core/runtime/JSCell.h (177094 => 177095)
--- branches/safari-600.3-branch/Source/_javascript_Core/runtime/JSCell.h 2014-12-10 21:51:03 UTC (rev 177094)
+++ branches/safari-600.3-branch/Source/_javascript_Core/runtime/JSCell.h 2014-12-10 21:51:11 UTC (rev 177095)
@@ -148,9 +148,14 @@
JSValue fastGetOwnProperty(VM&, Structure&, const String&);
enum GCData : uint8_t {
- Marked = 0,
- NotMarked = 1,
- MarkedAndRemembered = 2,
+ Marked = 0, // The object has survived a GC and is in the old gen.
+ NotMarked = 1, // The object is new and in the eden gen.
+ MarkedAndRemembered = 2, // The object is in the GC's remembered set.
+
+ // The object being in the GC's remembered set implies that it is also
+ // Marked. This is because objects are only added to the remembered sets
+ // by write barriers, and write barriers are only interested in old gen
+ // objects that point to potential eden gen objects.
};
void setMarked() { m_gcData = Marked; }