[webkit-changes] [WebKit/WebKit] bebb14: [JSC] Make CodeBlock destruction lazy

Yusuke Suzuki noreply at github.com
Mon Nov 27 18:18:10 PST 2023


  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: bebb1488bc66c7d4a4b5b2837a3e8e163659b623
      https://github.com/WebKit/WebKit/commit/bebb1488bc66c7d4a4b5b2837a3e8e163659b623
  Author: Yusuke Suzuki <ysuzuki at apple.com>
  Date:   2023-11-27 (Mon, 27 Nov 2023)

  Changed paths:
    M Source/JavaScriptCore/bytecode/CodeBlock.cpp
    M Source/JavaScriptCore/bytecode/CodeBlockJettisoningWatchpoint.cpp
    M Source/JavaScriptCore/bytecode/CodeBlockJettisoningWatchpoint.h
    M Source/JavaScriptCore/bytecode/InlineCacheCompiler.cpp
    M Source/JavaScriptCore/bytecode/MetadataTable.cpp
    M Source/JavaScriptCore/bytecode/MetadataTable.h
    M Source/JavaScriptCore/bytecode/UnlinkedCodeBlock.cpp
    M Source/JavaScriptCore/bytecode/UnlinkedCodeBlock.h
    M Source/JavaScriptCore/bytecode/UnlinkedMetadataTable.h
    M Source/JavaScriptCore/heap/CodeBlockSet.cpp
    M Source/JavaScriptCore/heap/CodeBlockSet.h
    M Source/JavaScriptCore/heap/Heap.cpp
    M Source/JavaScriptCore/heap/Heap.h
    M Source/JavaScriptCore/heap/JITStubRoutineSet.cpp
    M Source/JavaScriptCore/heap/JITStubRoutineSet.h
    M Source/JavaScriptCore/jit/GCAwareJITStubRoutine.cpp
    M Source/JavaScriptCore/jit/GCAwareJITStubRoutine.h
    M Source/JavaScriptCore/jit/PolymorphicCallStubRoutine.cpp
    M Source/JavaScriptCore/jit/PolymorphicCallStubRoutine.h
    M Source/JavaScriptCore/runtime/CachedTypes.cpp

  Log Message:
  -----------
  [JSC] Make CodeBlock destruction lazy
https://bugs.webkit.org/show_bug.cgi?id=265361
rdar://118818460

Reviewed by Mark Lam.

This patch makes CodeBlock destruction lazy.

1. CodeBlockSet is relying on the fact that CodeBlock's destructor is called as soon as it becomes dead.
   We wipe dead CodeBlocks instead in CodeBlockSet::clearCurrentlyExecutingAndRemoveDeadCodeBlocks.
2. JITStubRoutine has a possibility that (1) the CodeBlock is now dead but its destructor is not called, (2) the JITStubRoutine
   was not executed, but (3) because of conservativeness, it was once determined as non-executed but is now conservatively
   seen as executed. In this case, we may mark already dead cells and cause the problem. In this patch, GCAwareJITStubRoutine
   now has an owner cell (we already had this concept), and we maintain the liveness information of this owner cell.
   As a result, we can know whether this JITStubRoutine is dead or not based on this owner cell's liveness and avoid the
   above race conditions.
3. CodeBlockJettisoningWatchpoint should check whether the CodeBlock is still alive (via isLive), since it is possible that the CodeBlock
   may be dead now but its destructor is not called yet. This is well aligned with the other Watchpoints.
4. The CodeBlock destructor should not touch UnlinkedCodeBlock since it may already be dead at this point. Previously it was OK since
   we were always sweeping CodeBlocks first before UnlinkedCodeBlocks. But now this is not guaranteed. But the only usage is the didOptimize
   bit propagation. So we put this in UnlinkedMetadataTable instead. We may miss this propagation when the MetadataTable is empty, but
   this is very rare and it happens only for super small functions, so it does not matter for real-world code.

* Source/JavaScriptCore/bytecode/CodeBlock.cpp:
(JSC::CodeBlock::~CodeBlock):
* Source/JavaScriptCore/bytecode/CodeBlockJettisoningWatchpoint.cpp:
(JSC::CodeBlockJettisoningWatchpoint::fireInternal):
* Source/JavaScriptCore/bytecode/CodeBlockJettisoningWatchpoint.h:
* Source/JavaScriptCore/bytecode/InlineCacheCompiler.cpp:
(JSC::InlineCacheCompiler::regenerate):
* Source/JavaScriptCore/bytecode/MetadataTable.cpp:
(JSC::MetadataTable::sizeInBytesForGC):
* Source/JavaScriptCore/bytecode/MetadataTable.h:
(JSC::MetadataTable::forEachValueProfile):
(JSC::MetadataTable::valueProfileForOffset):
(JSC::MetadataTable::unlinkedMetadata const):
(JSC::MetadataTable::totalSize const):
* Source/JavaScriptCore/bytecode/UnlinkedCodeBlock.cpp:
(JSC::UnlinkedCodeBlock::UnlinkedCodeBlock):
* Source/JavaScriptCore/bytecode/UnlinkedCodeBlock.h:
(JSC::UnlinkedCodeBlock::didOptimize const):
(JSC::UnlinkedCodeBlock::setDidOptimize):
* Source/JavaScriptCore/bytecode/UnlinkedMetadataTable.h:
(JSC::UnlinkedMetadataTable::didOptimize const):
(JSC::UnlinkedMetadataTable::setDidOptimize):
* Source/JavaScriptCore/heap/CodeBlockSet.cpp:
(JSC::CodeBlockSet::clearCurrentlyExecutingAndRemoveDeadCodeBlocks):
(JSC::CodeBlockSet::clearCurrentlyExecuting): Deleted.
* Source/JavaScriptCore/heap/CodeBlockSet.h:
* Source/JavaScriptCore/heap/Heap.cpp:
(JSC::Heap::deleteUnmarkedCompiledCode):
(JSC::Heap::runEndPhase):
(JSC::Heap::finalize):
* Source/JavaScriptCore/heap/JITStubRoutineSet.cpp:
(JSC::JITStubRoutineSet::~JITStubRoutineSet):
(JSC::JITStubRoutineSet::deleteUnmarkedJettisonedStubRoutines):
* Source/JavaScriptCore/heap/JITStubRoutineSet.h:
(JSC::JITStubRoutineSet::deleteUnmarkedJettisonedStubRoutines):
* Source/JavaScriptCore/jit/GCAwareJITStubRoutine.cpp:
(JSC::GCAwareJITStubRoutine::GCAwareJITStubRoutine):
(JSC::PolymorphicAccessJITStubRoutine::PolymorphicAccessJITStubRoutine):
(JSC::MarkingGCAwareJITStubRoutine::MarkingGCAwareJITStubRoutine):
(JSC::GCAwareJITStubRoutineWithExceptionHandler::GCAwareJITStubRoutineWithExceptionHandler):
(JSC::createICJITStubRoutine):
* Source/JavaScriptCore/jit/GCAwareJITStubRoutine.h:
(JSC::GCAwareJITStubRoutine::create):
(JSC::GCAwareJITStubRoutine::owner const):
* Source/JavaScriptCore/jit/PolymorphicCallStubRoutine.cpp:
(JSC::PolymorphicCallStubRoutine::PolymorphicCallStubRoutine):
* Source/JavaScriptCore/jit/PolymorphicCallStubRoutine.h:
* Source/JavaScriptCore/runtime/CachedTypes.cpp:
(JSC::UnlinkedCodeBlock::UnlinkedCodeBlock):

Canonical link: https://commits.webkit.org/271184@main
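The hazard described in point 2 of the log message, as a small model added here; it is not JSC code and all names (Cell, StubRoutine, markThroughStub, scenarioResurrectsDeadCell) are hypothetical. A CodeBlock and a cell referenced by its stub routine both die in one GC cycle, but with lazy destruction the stub routine survives; in the next cycle a conservative scan claims the stub is executing. Without the owner-liveness check the stub marks a cell that is already dead; with it, nothing is marked.

```cpp
#include <vector>

// Toy model of the race in point 2 (hypothetical names, not JSC's).
struct Cell {
    bool marked = false;   // set by the current GC cycle's marking
    bool live = true;      // cleared when a GC cycle finds the cell unmarked
};

// A stub routine keeps the cells its generated code references, plus the
// cell (the CodeBlock) that owns it.
struct StubRoutine {
    Cell* owner;
    std::vector<Cell*> referenced;
    bool conservativelyExecuting = false;  // what the stack scan claims
};

// Marking done by a stub routine the conservative scan reports as executing.
// checkOwner == false models the old behaviour; true models the fix, where
// a stub whose owner cell is dead must not keep anything alive.
static void markThroughStub(const StubRoutine& stub, bool checkOwner) {
    if (!stub.conservativelyExecuting)
        return;
    if (checkOwner && !stub.owner->live)
        return;
    for (Cell* c : stub.referenced)
        c->marked = true;
}

// Returns true if a cell that was already dead gets marked (resurrected).
bool scenarioResurrectsDeadCell(bool checkOwner) {
    Cell codeBlock, target;
    StubRoutine stub{&codeBlock, {&target}};
    // GC cycle 1: nothing references the CodeBlock or the target, so both
    // die. Destruction is lazy, so the CodeBlock object and its stub routine
    // (with the pointer to target) still exist afterwards.
    codeBlock.live = false;
    target.live = false;
    // GC cycle 2: the conservative scan now reports the stub as executing.
    stub.conservativelyExecuting = true;
    markThroughStub(stub, checkOwner);
    return target.marked && !target.live;
}
```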
