Changeset 277850 in webkit for trunk/Source/JavaScriptCore/jit/JIT.cpp

Timestamp:

May 20, 2021, 11:35:06 PM (4 years ago)

Author:

[email protected]

Message:

[ Catalina Release JSC] A large number of JSC test appear to be flaky failing
​https://bugs.webkit.org/show_bug.cgi?id=225998
<rdar://problem/78235001>

Reviewed by Yusuke Suzuki.

JSTests:

• stress/dont-link-virtual-calls-on-compiler-thread.js: Added.

Source/JavaScriptCore:

This patch is fixing some fallout from moving JIT::link() to a background
thread:

1. We can't shrink the CodeBlock's constant pool on a background thread

since we read from it without grabbing a lock on the main thread (when
reading things off the stack in slow path calls).

2. We can't create GCAwareJITStubRoutines on the compilation thread, since

creating a GCAwareJITStubRoutines adds to a global hash table inside Heap. This
means that we have to do that step of emitting virtual calls for eval when
we're finalizing code on the main thread.

This patch also makes it so that a baseline JIT compilation thread is
correctly marked as such.

• heap/JITStubRoutineSet.cpp:

(JSC::JITStubRoutineSet::add):

• jit/AssemblyHelpers.cpp:

(JSC::AssemblyHelpers::emitUnlinkedVirtualCall):
(JSC::AssemblyHelpers::emitVirtualCall):

• jit/AssemblyHelpers.h:
• jit/JIT.cpp:

(JSC::JIT::link):
(JSC::JIT::finalizeOnMainThread):

• jit/JIT.h:
• jit/JITCall.cpp:

(JSC::JIT::compileCallEvalSlowCase):

• jit/JITCall32_64.cpp:

(JSC::JIT::compileCallEvalSlowCase):

• jit/JITWorklist.cpp:

File:

• trunk/Source/JavaScriptCore/jit/JIT.cpp (modified) (1 diff)

trunk/Source/JavaScriptCore/jit/JIT.cpp

@@ -978 +978 @@
         "Baseline JIT code for %s", toCString(CodeBlockWithJITType(m_codeBlock, JITType::BaselineJIT)).data());
     
+    MacroAssemblerCodePtr<JSEntryPtrTag> withArityCheck = patchBuffer.locationOf<JSEntryPtrTag>(m_arityCheck);
+    m_jitCode = adoptRef(*new DirectJITCode(result, withArityCheck, JITType::BaselineJIT));
+
+    if (JITInternal::verbose)
+        dataLogF("JIT generated code for %p at [%p, %p).\n", m_codeBlock, result.executableMemory()->start().untaggedPtr(), result.executableMemory()->end().untaggedPtr());
+}
+
+CompilationResult JIT::finalizeOnMainThread()
+{
+    RELEASE_ASSERT(!isCompilationThread());
+
+    if (!m_jitCode)
+        return CompilationFailed;
+
+    for (auto pair : m_virtualCalls) {
+        auto callLocation = m_linkBuffer->locationOfNearCall<JITThunkPtrTag>(pair.first);
+
+        CallLinkInfo& info = pair.second;
+        MacroAssemblerCodeRef<JITStubRoutinePtrTag> virtualThunk = virtualThunkFor(*m_vm, info);
+        info.setSlowStub(GCAwareJITStubRoutine::create(virtualThunk, *m_vm));
+        MacroAssembler::repatchNearCall(callLocation, CodeLocationLabel<JITStubRoutinePtrTag>(virtualThunk.code()));
+    }
+
     {
         ConcurrentJSLocker locker(m_codeBlock->m_lock);
         m_codeBlock->shrinkToFit(locker, CodeBlock::ShrinkMode::LateShrink);
     }
-
-    MacroAssemblerCodePtr<JSEntryPtrTag> withArityCheck = patchBuffer.locationOf<JSEntryPtrTag>(m_arityCheck);
-    m_jitCode = adoptRef(*new DirectJITCode(result, withArityCheck, JITType::BaselineJIT));
-
-    if (JITInternal::verbose)
-        dataLogF("JIT generated code for %p at [%p, %p).\n", m_codeBlock, result.executableMemory()->start().untaggedPtr(), result.executableMemory()->end().untaggedPtr());
-}
-
-CompilationResult JIT::finalizeOnMainThread()
-{
-    RELEASE_ASSERT(!isCompilationThread());
-
-    if (!m_jitCode)
-        return CompilationFailed;
 
     for (size_t i = 0; i < m_codeBlock->numberOfExceptionHandlers(); ++i) {