Changeset 293714 in webkit for trunk/Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp

Timestamp:

May 2, 2022, 10:07:01 PM (3 years ago)

Author:

[email protected]

Message:

[JSC] Introduce unlinked version of invalidation
​https://bugs.webkit.org/show_bug.cgi?id=239887

Reviewed by Saam Barati.

This patch makes invalidation mechanism unlinked for unlinked DFG.

1. We always use CheckTraps instead of InvalidationPoint with VMTraps so that we do not need

to repatch existing code.

2. We introduce load-and-branch based InvalidationPoint for unlinked DFG so that we do not need

to repatch it to jump to OSR exit when watchpoint fires. We store this condition in DFG::JITData
so that code can quickly access to that.

3. We make isStillValid conditions in DFG::CommonData always true for unlinked DFG code. Instead,

we check isJettisoned() condition of CodeBlock since it will become eventually per CodeBlock
information (while this CodeBlock gets invalidated, unlinked DFG code itself can be used for
the other CodeBlock).

After this change, now, jumpReplacements for unlinked DFG becomes empty. We no longer repatch these invalidation points.

• Source/JavaScriptCore/bytecode/CodeBlock.cpp:

(JSC::CodeBlock::jettison):
(JSC::CodeBlock::hasInstalledVMTrapsBreakpoints const):
(JSC::CodeBlock::canInstallVMTrapBreakpoints const):
(JSC::CodeBlock::installVMTrapBreakpoints):
(JSC::CodeBlock::hasInstalledVMTrapBreakpoints const): Deleted.

• Source/JavaScriptCore/bytecode/CodeBlock.h:
• Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp:

(JSC::DFG::ByteCodeParser::parseBlock):

• Source/JavaScriptCore/dfg/DFGCommonData.cpp:

(JSC::DFG::CommonData::invalidate):
(JSC::DFG::CommonData::~CommonData):
(JSC::DFG::CommonData::installVMTrapBreakpoints):
(JSC::DFG::CommonData::isVMTrapBreakpoint):

• Source/JavaScriptCore/dfg/DFGCommonData.h:

(JSC::DFG::CommonData::CommonData):
(JSC::DFG::CommonData::hasInstalledVMTrapsBreakpoints const):
(JSC::DFG::CommonData::isStillValid const):

• Source/JavaScriptCore/dfg/DFGDoesGC.cpp:

(JSC::DFG::doesGC):

• Source/JavaScriptCore/dfg/DFGJITCode.cpp:

(JSC::DFG::JITCode::JITCode):

• Source/JavaScriptCore/dfg/DFGJITCode.h:
• Source/JavaScriptCore/dfg/DFGJITCompiler.cpp:

(JSC::DFG::JITCompiler::link):

• Source/JavaScriptCore/dfg/DFGOSREntry.cpp:

(JSC::DFG::prepareOSREntry):
(JSC::DFG::prepareCatchOSREntry):

• Source/JavaScriptCore/dfg/DFGPlan.cpp:

(JSC::DFG::Plan::finalize):

• Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp:

(JSC::DFG::SpeculativeJIT::compileInvalidationPoint):
(JSC::DFG::SpeculativeJIT::compileCheckTraps):
(JSC::DFG::SpeculativeJIT::emitInvalidationPoint): Deleted.

• Source/JavaScriptCore/dfg/DFGSpeculativeJIT.h:
• Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp:

(JSC::DFG::SpeculativeJIT::compile):

• Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp:

(JSC::DFG::SpeculativeJIT::compile):

• Source/JavaScriptCore/ftl/FTLJITCode.cpp:

(JSC::FTL::JITCode::JITCode):

• Source/JavaScriptCore/ftl/FTLJITCode.h:

(JSC::FTL::JITCode::isUnlinked const):

• Source/JavaScriptCore/ftl/FTLOSREntry.cpp:

(JSC::FTL::prepareOSREntry):

• Source/JavaScriptCore/jit/JITCode.cpp:

(JSC::JITCode::isUnlinked const):

• Source/JavaScriptCore/jit/JITCode.h:
• Source/JavaScriptCore/runtime/VMTraps.cpp:

(JSC::VMTraps::tryInstallTrapBreakpoints):
(JSC::VMTraps::handleTraps):

Canonical link: ​https://commits.webkit.org/250203@main

File:

• trunk/Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp (modified) (1 diff)

trunk/Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp

@@ -8125 +8125 @@
         
         case op_check_traps: {
-            addToGraph(Options::usePollingTraps() ? CheckTraps : InvalidationPoint);
+            addToGraph((Options::usePollingTraps() || m_graph.m_plan.isUnlinked()) ? CheckTraps : InvalidationPoint);
             NEXT_OPCODE(op_check_traps);
         }