Ignore:
Timestamp:
Jan 10, 2018, 11:41:12 AM (8 years ago)
Author:
[email protected]
Message:

Unreviewed, rolling out r226667 and r226673.
https://bugs.webkit.org/show_bug.cgi?id=181488

This caused a flaky crash. (Requested by mlewis13 on #webkit).

Reverted changesets:

"CodeBlocks should be in IsoSubspaces"
https://bugs.webkit.org/show_bug.cgi?id=180884
https://trac.webkit.org/changeset/226667

"REGRESSION (r226667): CodeBlocks should be in IsoSubspaces"
https://bugs.webkit.org/show_bug.cgi?id=180884
https://trac.webkit.org/changeset/226673

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/Source/JavaScriptCore/bytecode/CodeBlock.cpp

    r226667 r226725  
    5252#include "InlineCallFrame.h"
    5353#include "InterpreterInlines.h"
    54 #include "IsoCellSetInlines.h"
    5554#include "JIT.h"
    5655#include "JITMathIC.h"
     
    331330    , m_reoptimizationRetryCounter(0)
    332331    , m_creationTime(MonotonicTime::now())
    333 {
     332    , m_unconditionalFinalizer(makePoisonedUnique<UnconditionalFinalizer>(*this))
     333    , m_weakReferenceHarvester(makePoisonedUnique<WeakReferenceHarvester>(*this))
     334{
     335    m_visitWeaklyHasBeenCalled = false;
     336
    334337    ASSERT(heap()->isDeferred());
    335338    ASSERT(m_scopeRegister.isLocal());
    336339
    337340    setNumParameters(other.numParameters());
    338    
    339     vm->heap.codeBlockSet().add(this);
    340341}
    341342
     
    343344{
    344345    Base::finishCreation(vm);
    345     finishCreationCommon(vm);
    346346
    347347    optimizeAfterWarmUp();
     
    355355        m_rareData->m_stringSwitchJumpTables = other.m_rareData->m_stringSwitchJumpTables;
    356356    }
     357   
     358    heap()->m_codeBlocks->add(this);
    357359}
    358360
     
    388390    , m_reoptimizationRetryCounter(0)
    389391    , m_creationTime(MonotonicTime::now())
    390 {
     392    , m_unconditionalFinalizer(makePoisonedUnique<UnconditionalFinalizer>(*this))
     393    , m_weakReferenceHarvester(makePoisonedUnique<WeakReferenceHarvester>(*this))
     394{
     395    m_visitWeaklyHasBeenCalled = false;
     396
    391397    ASSERT(heap()->isDeferred());
    392398    ASSERT(m_scopeRegister.isLocal());
     
    394400    ASSERT(m_source);
    395401    setNumParameters(unlinkedCodeBlock->numParameters());
    396    
    397     vm->heap.codeBlockSet().add(this);
    398402}
    399403
     
    410414{
    411415    Base::finishCreation(vm);
    412     finishCreationCommon(vm);
    413416
    414417    auto throwScope = DECLARE_THROW_SCOPE(vm);
     
    847850        dumpBytecode();
    848851
     852    heap()->m_codeBlocks->add(this);
    849853    heap()->reportExtraMemoryAllocated(m_instructions.size() * sizeof(Instruction));
    850854
     
    852856}
    853857
    854 void CodeBlock::finishCreationCommon(VM& vm)
    855 {
    856     m_ownerEdge.set(vm, this, ExecutableToCodeBlockEdge::create(vm, this));
    857 }
    858 
    859858CodeBlock::~CodeBlock()
    860859{
    861860    VM& vm = *m_poisonedVM;
    862 
    863     vm.heap.codeBlockSet().remove(this);
    864    
    865861    if (UNLIKELY(vm.m_perBytecodeProfiler))
    866862        vm.m_perBytecodeProfiler->notifyDestruction(this);
    867863
    868     if (!vm.heap.isShuttingDown() && unlinkedCodeBlock()->didOptimize() == MixedTriState)
     864    if (unlinkedCodeBlock()->didOptimize() == MixedTriState)
    869865        unlinkedCodeBlock()->setDidOptimize(FalseTriState);
    870866
     
    980976}
    981977
     978void CodeBlock::visitWeakly(SlotVisitor& visitor)
     979{
     980    ConcurrentJSLocker locker(m_lock);
     981    if (m_visitWeaklyHasBeenCalled)
     982        return;
     983   
     984    m_visitWeaklyHasBeenCalled = true;
     985
     986    if (Heap::isMarked(this))
     987        return;
     988
     989    if (shouldVisitStrongly(locker)) {
     990        visitor.appendUnbarriered(this);
     991        return;
     992    }
     993   
     994    // There are two things that may use unconditional finalizers: inline cache clearing
     995    // and jettisoning. The probability of us wanting to do at least one of those things
     996    // is probably quite close to 1. So we add one no matter what and when it runs, it
     997    // figures out whether it has any work to do.
     998    visitor.addUnconditionalFinalizer(m_unconditionalFinalizer.get());
     999
     1000    if (!JITCode::isOptimizingJIT(jitType()))
     1001        return;
     1002
     1003    // If we jettison ourselves we'll install our alternative, so make sure that it
     1004    // survives GC even if we don't.
     1005    visitor.append(m_alternative);
     1006   
     1007    // There are two things that we use weak reference harvesters for: DFG fixpoint for
     1008    // jettisoning, and trying to find structures that would be live based on some
     1009    // inline cache. So it makes sense to register them regardless.
     1010    visitor.addWeakReferenceHarvester(m_weakReferenceHarvester.get());
     1011
     1012#if ENABLE(DFG_JIT)
     1013    // We get here if we're live in the sense that our owner executable is live,
     1014    // but we're not yet live for sure in another sense: we may yet decide that this
     1015    // code block should be jettisoned based on its outgoing weak references being
     1016    // stale. Set a flag to indicate that we're still assuming that we're dead, and
     1017    // perform one round of determining if we're live. The GC may determine, based on
     1018    // either us marking additional objects, or by other objects being marked for
     1019    // other reasons, that this iteration should run again; it will notify us of this
     1020    // decision by calling harvestWeakReferences().
     1021
     1022    m_allTransitionsHaveBeenMarked = false;
     1023    propagateTransitions(locker, visitor);
     1024
     1025    m_jitCode->dfgCommon()->livenessHasBeenProved = false;
     1026    determineLiveness(locker, visitor);
     1027#endif // ENABLE(DFG_JIT)
     1028}
     1029
    9821030size_t CodeBlock::estimatedSize(JSCell* cell)
    9831031{
     
    9941042    ASSERT_GC_OBJECT_INHERITS(thisObject, info());
    9951043    JSCell::visitChildren(thisObject, visitor);
    996     visitor.append(thisObject->m_ownerEdge);
    9971044    thisObject->visitChildren(visitor);
    9981045}
     
    10011048{
    10021049    ConcurrentJSLocker locker(m_lock);
     1050    // There are two things that may use unconditional finalizers: inline cache clearing
     1051    // and jettisoning. The probability of us wanting to do at least one of those things
     1052    // is probably quite close to 1. So we add one no matter what and when it runs, it
     1053    // figures out whether it has any work to do.
     1054    visitor.addUnconditionalFinalizer(m_unconditionalFinalizer.get());
     1055
    10031056    if (CodeBlock* otherBlock = specialOSREntryBlockOrNull())
    10041057        visitor.appendUnbarriered(otherBlock);
     
    10191072    stronglyVisitStrongReferences(locker, visitor);
    10201073    stronglyVisitWeakReferences(locker, visitor);
    1021    
    1022     VM::SpaceAndFinalizerSet::finalizerSetFor(*subspace()).add(this);
     1074
     1075    m_allTransitionsHaveBeenMarked = false;
     1076    propagateTransitions(locker, visitor);
    10231077}
    10241078
     
    11111165    UNUSED_PARAM(visitor);
    11121166
     1167    if (m_allTransitionsHaveBeenMarked)
     1168        return;
     1169
    11131170    VM& vm = *m_poisonedVM;
    1114 
     1171    bool allAreMarkedSoFar = true;
     1172       
    11151173    if (jitType() == JITCode::InterpreterThunk) {
    11161174        const Vector<unsigned>& propertyAccessInstructions = m_unlinkedCode->propertyAccessInstructions();
     
    11291187                if (Heap::isMarked(oldStructure))
    11301188                    visitor.appendUnbarriered(newStructure);
     1189                else
     1190                    allAreMarkedSoFar = false;
    11311191                break;
    11321192            }
     
    11401200    if (JITCode::isJIT(jitType())) {
    11411201        for (auto iter = m_stubInfos.begin(); !!iter; ++iter)
    1142             (*iter)->propagateTransitions(visitor);
     1202            allAreMarkedSoFar &= (*iter)->propagateTransitions(visitor);
    11431203    }
    11441204#endif // ENABLE(JIT)
     
    11481208        DFG::CommonData* dfgCommon = m_jitCode->dfgCommon();
    11491209        for (auto& weakReference : dfgCommon->weakStructureReferences)
    1150             weakReference->markIfCheap(visitor);
     1210            allAreMarkedSoFar &= weakReference->markIfCheap(visitor);
    11511211
    11521212        for (auto& transition : dfgCommon->transitions) {
     
    11721232
    11731233                visitor.append(transition.m_to);
    1174             }
     1234            } else
     1235                allAreMarkedSoFar = false;
    11751236        }
    11761237    }
    11771238#endif // ENABLE(DFG_JIT)
     1239   
     1240    if (allAreMarkedSoFar)
     1241        m_allTransitionsHaveBeenMarked = true;
    11781242}
    11791243
     
    11831247   
    11841248#if ENABLE(DFG_JIT)
    1185     if (Heap::isMarked(this))
     1249    // Check if we have any remaining work to do.
     1250    DFG::CommonData* dfgCommon = m_jitCode->dfgCommon();
     1251    if (dfgCommon->livenessHasBeenProved)
    11861252        return;
    11871253   
    1188     // In rare and weird cases, this could be called on a baseline CodeBlock. One that I found was
    1189     // that we might decide that the CodeBlock should be jettisoned due to old age, so the
    1190     // isMarked check doesn't protect us.
    1191     if (!JITCode::isOptimizingJIT(jitType()))
    1192         return;
    1193    
    1194     DFG::CommonData* dfgCommon = m_jitCode->dfgCommon();
    11951254    // Now check all of our weak references. If all of them are live, then we
    11961255    // have proved liveness and so we scan our strong references. If at end of
     
    12211280    // All weak references are live. Record this information so we don't
    12221281    // come back here again, and scan the strong references.
     1282    dfgCommon->livenessHasBeenProved = true;
    12231283    visitor.appendUnbarriered(this);
    12241284#endif // ENABLE(DFG_JIT)
     1285}
     1286
     1287void CodeBlock::WeakReferenceHarvester::visitWeakReferences(SlotVisitor& visitor)
     1288{
     1289    codeBlock.propagateTransitions(NoLockingNecessary, visitor);
     1290    codeBlock.determineLiveness(NoLockingNecessary, visitor);
    12251291}
    12261292
     
    13561422}
    13571423
    1358 void CodeBlock::finalizeUnconditionally(VM&)
    1359 {
    1360     updateAllPredictions();
    1361    
    1362     if (JITCode::couldBeInterpreted(jitType()))
    1363         finalizeLLIntInlineCaches();
     1424void CodeBlock::UnconditionalFinalizer::finalizeUnconditionally()
     1425{
     1426    codeBlock.updateAllPredictions();
     1427   
     1428    if (!Heap::isMarked(&codeBlock)) {
     1429        if (codeBlock.shouldJettisonDueToWeakReference())
     1430            codeBlock.jettison(Profiler::JettisonDueToWeakReference);
     1431        else
     1432            codeBlock.jettison(Profiler::JettisonDueToOldAge);
     1433        return;
     1434    }
     1435
     1436    if (JITCode::couldBeInterpreted(codeBlock.jitType()))
     1437        codeBlock.finalizeLLIntInlineCaches();
    13641438
    13651439#if ENABLE(JIT)
    1366     if (!!jitCode())
    1367         finalizeBaselineJITInlineCaches();
    1368 #endif
    1369 
    1370     VM::SpaceAndFinalizerSet::finalizerSetFor(*subspace()).remove(this);
     1440    if (!!codeBlock.jitCode())
     1441        codeBlock.finalizeBaselineJITInlineCaches();
     1442#endif
    13711443}
    13721444
     
    15221594   
    15231595    visitor.append(m_globalObject);
    1524     visitor.append(m_ownerExecutable); // This is extra important since it causes the ExecutableToCodeBlockEdge to be marked.
     1596    visitor.append(m_ownerExecutable);
    15251597    visitor.append(m_unlinkedCode);
    15261598    if (m_rareData)
     
    30613133{
    30623134#if ENABLE(SIGNAL_BASED_VM_TRAPS)
     3135   
    30633136    // This function may be called from a signal handler. We need to be
    30643137    // careful to not call anything that is not signal handler safe, e.g.
     
    30803153    if (!JITCode::isOptimizingJIT(jitType()))
    30813154        return false;
    3082     auto& commonData = *m_jitCode->dfgCommon();
    3083     commonData.installVMTrapBreakpoints(this);
     3155    m_jitCode->dfgCommon()->installVMTrapBreakpoints(this);
    30843156    return true;
    30853157#else
     
    31213193            totalSubSize += subIC->codeSize();
    31223194        }
     3195
     3196        return false;
    31233197    };
    31243198    heap()->forEachCodeBlock(countICs);
Note: See TracChangeset for help on using the changeset viewer.