Changeset 256015 in webkit for trunk/Source/JavaScriptCore/jit/JIT.cpp

Timestamp:

Feb 7, 2020, 2:06:18 AM (5 years ago)

Author:

[email protected]

Message:

[JSC] CodeBlock::shrinkToFit should shrink m_constantRegisters and m_constantsSourceCodeRepresentation in 64bit architectures
​https://bugs.webkit.org/show_bug.cgi?id=207356

Reviewed by Mark Lam.

Only 32bit architectures are using m_constantRegisters's address. 64bit architectures are not relying on m_constantRegisters's address.
This patches fixes the thing so that CodeBlock::shrinkToFit will shrink m_constantRegisters and m_constantsSourceCodeRepresentation
regardless of whether this is EarlyShrink or not. We also move DFG/FTL's LateShrink call to the place after calling DFGCommon reallyAdd
since they can add more constant registers.

Relanding it by fixing dead-lock.

• bytecode/CodeBlock.cpp:

(JSC::CodeBlock::shrinkToFit):

• bytecode/CodeBlock.h:
• dfg/DFGJITCompiler.cpp:

(JSC::DFG::JITCompiler::compile):
(JSC::DFG::JITCompiler::compileFunction):

• dfg/DFGJITFinalizer.cpp:

(JSC::DFG::JITFinalizer::finalizeCommon):

• dfg/DFGPlan.cpp:

(JSC::DFG::Plan::compileInThreadImpl):
(JSC::DFG::Plan::finalizeWithoutNotifyingCallback):

• jit/JIT.cpp:

(JSC::JIT::link):

• jit/JIT.h:
• jit/JITInlines.h:

(JSC::JIT::emitLoadDouble):
(JSC::JIT::emitLoadInt32ToDouble): Deleted.

File:

• trunk/Source/JavaScriptCore/jit/JIT.cpp (modified) (1 diff)

trunk/Source/JavaScriptCore/jit/JIT.cpp

@@ -944 +944 @@
         static_cast<double>(m_codeBlock->instructionsSize()));
 
-    m_codeBlock->shrinkToFit(CodeBlock::LateShrink);
+    {
+        ConcurrentJSLocker locker(m_codeBlock->m_lock);
+        m_codeBlock->shrinkToFit(locker, CodeBlock::ShrinkMode::LateShrink);
+    }
     m_codeBlock->setJITCode(
         adoptRef(*new DirectJITCode(result, withArityCheck, JITType::BaselineJIT)));