Changeset 277475 in webkit for trunk/Source/JavaScriptCore/ftl/FTLCompile.cpp

Timestamp:

May 13, 2021, 7:03:43 PM (4 years ago)

Author:

[email protected]

Message:

m_calleeSaveRegisters should not be a pointer to a pointer
​https://bugs.webkit.org/show_bug.cgi?id=225787

Reviewed by Keith Miller.

Ben found this through memory stress testing.

RegisterAtOffsetList is effectively just a pointer. unique_ptr<RegisterAtOffsetList>
is a pointer to a pointer. RegisterAtOffsetList is long-lived, so it
creates heap page fragmentation.

Worth 3MB on Ben's test.

• bytecode/CodeBlock.cpp:

(JSC::CodeBlock::setCalleeSaveRegisters):
(JSC::CodeBlock::calleeSaveRegisters const): Use a fence before setting
m_hasCalleeSaveRegisters to ensure that all writes have completed before
the struct becomes visible.

• bytecode/CodeBlock.h: Use RegisterAtOffsetList directly instead of

unique_ptr<RegisterAtOffsetList> to avoid a long-lived lonely 8 byte
allocation.

• ftl/FTLCompile.cpp:

(JSC::FTL::compile): Updated for type change.

File:

• trunk/Source/JavaScriptCore/ftl/FTLCompile.cpp (modified) (1 diff)

trunk/Source/JavaScriptCore/ftl/FTLCompile.cpp

@@ -72 +72 @@
         return;
     
-    std::unique_ptr<RegisterAtOffsetList> registerOffsets =
-        makeUnique<RegisterAtOffsetList>(state.proc->calleeSaveRegisterAtOffsetList());
+    RegisterAtOffsetList registerOffsets = state.proc->calleeSaveRegisterAtOffsetList();
     if (shouldDumpDisassembly())
-        dataLog(tierName, "Unwind info for ", CodeBlockWithJITType(codeBlock, JITType::FTLJIT), ": ", *registerOffsets, "\n");
+        dataLog(tierName, "Unwind info for ", CodeBlockWithJITType(codeBlock, JITType::FTLJIT), ": ", registerOffsets, "\n");
     codeBlock->setCalleeSaveRegisters(WTFMove(registerOffsets));
     ASSERT(!(state.proc->frameSize() % sizeof(EncodedJSValue)));