Changeset 190694 in webkit for trunk/Source/JavaScriptCore/dfg/DFGOperations.cpp

Timestamp:

Oct 7, 2015, 4:10:20 PM (10 years ago)

Author:

[email protected]

Message:

Unreviewed, rolling back in r190450
​https://bugs.webkit.org/show_bug.cgi?id=149727

This time for sure?

The cause of the leak was an invalidated compilation.

There was vestigial manual memory management code that eagerly removed
a CodeBlock from the set of CodeBlocks if compilation was invalidated.
That's not cool since we rely on the set of CodeBlocks when we run
destructors.

The fix is to remove the vestigial code.

I ran the leaks, correctness, and performance tests locally and did not
see any problems.

Restored changesets:

"CodeBlock should be a GC object"
​https://bugs.webkit.org/show_bug.cgi?id=149727
​http://trac.webkit.org/changeset/190450

File:

• trunk/Source/JavaScriptCore/dfg/DFGOperations.cpp (modified) (6 diffs)

trunk/Source/JavaScriptCore/dfg/DFGOperations.cpp

@@ -1308 +1308 @@
     bool didTryToEnterIntoInlinedLoops = false;
     for (InlineCallFrame* inlineCallFrame = exit->m_codeOrigin.inlineCallFrame; inlineCallFrame; inlineCallFrame = inlineCallFrame->directCaller.inlineCallFrame) {
-        if (inlineCallFrame->executable->didTryToEnterInLoop()) {
+        if (inlineCallFrame->baselineCodeBlock->ownerScriptExecutable()->didTryToEnterInLoop()) {
             didTryToEnterIntoInlinedLoops = true;
             break;
@@ -1378 +1378 @@
     // We need to compile the code.
     compile(
-        *vm, codeBlock->newReplacement().get(), codeBlock, FTLMode, UINT_MAX,
-        Operands<JSValue>(), ToFTLDeferredCompilationCallback::create(codeBlock));
+        *vm, codeBlock->newReplacement(), codeBlock, FTLMode, UINT_MAX,
+        Operands<JSValue>(), ToFTLDeferredCompilationCallback::create());
 }
 
@@ -1464 +1464 @@
         return 0;
     
-    if (CodeBlock* entryBlock = jitCode->osrEntryBlock.get()) {
+    if (CodeBlock* entryBlock = jitCode->osrEntryBlock()) {
         void* address = FTL::prepareOSREntry(
             exec, codeBlock, entryBlock, bytecodeIndex, streamIndex);
@@ -1478 +1478 @@
         // OSR entry failed. Oh no! This implies that we need to retry. We retry
         // without exponential backoff and we only do this for the entry code block.
-        jitCode->osrEntryBlock = nullptr;
+        jitCode->clearOSREntryBlock();
         jitCode->osrEntryRetry = 0;
         return 0;
@@ -1495 +1495 @@
     jitCode->reconstruct(
         exec, codeBlock, CodeOrigin(bytecodeIndex), streamIndex, mustHandleValues);
-    RefPtr<CodeBlock> replacementCodeBlock = codeBlock->newReplacement();
+    CodeBlock* replacementCodeBlock = codeBlock->newReplacement();
     CompilationResult forEntryResult = compile(
-        *vm, replacementCodeBlock.get(), codeBlock, FTLForOSREntryMode, bytecodeIndex,
-        mustHandleValues, ToFTLForOSREntryDeferredCompilationCallback::create(codeBlock));
-    
-    if (forEntryResult != CompilationSuccessful) {
-        ASSERT(forEntryResult == CompilationDeferred || replacementCodeBlock->hasOneRef());
+        *vm, replacementCodeBlock, codeBlock, FTLForOSREntryMode, bytecodeIndex,
+        mustHandleValues, ToFTLForOSREntryDeferredCompilationCallback::create());
+    
+    if (forEntryResult != CompilationSuccessful)
         return 0;
-    }
 
     // It's possible that the for-entry compile already succeeded. In that case OSR
@@ -1509 +1507 @@
     // We signal to try again after a while if that happens.
     void* address = FTL::prepareOSREntry(
-        exec, codeBlock, jitCode->osrEntryBlock.get(), bytecodeIndex, streamIndex);
+        exec, codeBlock, jitCode->osrEntryBlock(), bytecodeIndex, streamIndex);
     return static_cast<char*>(address);
 }