[webkit-changes] [WebKit/WebKit] b25150: [JSC] AccessCase should not hold CallLinkInfo*

Yusuke Suzuki noreply at github.com
Tue May 14 14:11:26 PDT 2024 

  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: b25150796310098d1c10f98c45825c4be34912ee
      https://github.com/WebKit/WebKit/commit/b25150796310098d1c10f98c45825c4be34912ee
  Author: Yusuke Suzuki <ysuzuki at apple.com>
  Date:   2024-05-14 (Tue, 14 May 2024)

  Changed paths:
    A JSTests/stress/decouple-calllinkinfo-from-access-case.js
    M Source/JavaScriptCore/bytecode/AccessCase.cpp
    M Source/JavaScriptCore/bytecode/AccessCase.h
    M Source/JavaScriptCore/bytecode/GetByStatus.cpp
    M Source/JavaScriptCore/bytecode/GetterSetterAccessCase.cpp
    M Source/JavaScriptCore/bytecode/GetterSetterAccessCase.h
    M Source/JavaScriptCore/bytecode/InlineCacheCompiler.cpp
    M Source/JavaScriptCore/bytecode/InlineCacheCompiler.h
    M Source/JavaScriptCore/bytecode/ProxyObjectAccessCase.cpp
    M Source/JavaScriptCore/bytecode/ProxyObjectAccessCase.h
    M Source/JavaScriptCore/bytecode/PutByStatus.cpp
    M Source/JavaScriptCore/bytecode/StructureStubInfo.cpp
    M Source/JavaScriptCore/bytecode/StructureStubInfo.h
    M Source/JavaScriptCore/jit/GCAwareJITStubRoutine.cpp
    M Source/JavaScriptCore/jit/GCAwareJITStubRoutine.h
    M Source/JavaScriptCore/jit/JITStubRoutine.cpp
    M Source/JavaScriptCore/jit/JITStubRoutine.h

  Log Message:
  -----------
  [JSC] AccessCase should not hold CallLinkInfo*
https://bugs.webkit.org/show_bug.cgi?id=268221
rdar://121733122

Reviewed by Justin Michaud.

AccessCase holds CallLinkInfo*. But when the underlying JITStubRoutine gets destroyed, this becomes invalid.
Previously, it does not matter since we always destroy CodeBlock first (synchronously), and then we clean up JITStubRoutine.
So there were strict ordering.  But now CodeBlock destruction can get delayed.

But fundamentally speaking, having CallLinkInfo* in AccessCase is not right. This is compiled code's data structure and
AccessCase should be just a data for IC feedback.

In this patch we decouple CallLinkInfo* from AccessCase. CallLinkInfo's lifetime should be correctly managed by visitWeak, so,
we add visitWeak iteration in MarkingGCAwareJITStubRoutine. Then we can remove CallLinkInfo from AccessCase.

* JSTests/stress/decouple-calllinkinfo-from-access-case.js: Added.
(F7):
(f25):
(f33):
(C20.prototype.valueOf):
(C20):
(f27):
* Source/JavaScriptCore/bytecode/AccessCase.cpp:
(JSC::AccessCase::forEachDependentCell const):
(JSC::AccessCase::doesCalls const):
(JSC::AccessCase::visitWeak const):
(JSC::AccessCase::collectDependentCells const):
* Source/JavaScriptCore/bytecode/AccessCase.h:
* Source/JavaScriptCore/bytecode/GetByStatus.cpp:
(JSC::GetByStatus::computeForStubInfoWithoutExitSiteFeedback):
* Source/JavaScriptCore/bytecode/GetterSetterAccessCase.cpp:
(JSC::GetterSetterAccessCase::dumpImpl const):
* Source/JavaScriptCore/bytecode/GetterSetterAccessCase.h:
* Source/JavaScriptCore/bytecode/InlineCacheCompiler.cpp:
(JSC::InlineCacheCompiler::generateWithGuard):
(JSC::InlineCacheCompiler::generate):
(JSC::InlineCacheCompiler::generateImpl):
(JSC::InlineCacheCompiler::emitProxyObjectAccess):
(JSC::InlineCacheCompiler::regenerate):
(JSC::InlineCacheHandler::callLinkInfoAt):
(JSC::InlineCacheHandler::visitWeak const):
* Source/JavaScriptCore/bytecode/InlineCacheCompiler.h:
* Source/JavaScriptCore/bytecode/ProxyObjectAccessCase.cpp:
(JSC::ProxyObjectAccessCase::dumpImpl const):
* Source/JavaScriptCore/bytecode/ProxyObjectAccessCase.h:
* Source/JavaScriptCore/bytecode/PutByStatus.cpp:
(JSC::PutByStatus::computeForStubInfo):
* Source/JavaScriptCore/bytecode/StructureStubInfo.cpp:
(JSC::StructureStubInfo::callLinkInfoAt):
* Source/JavaScriptCore/bytecode/StructureStubInfo.h:
* Source/JavaScriptCore/jit/GCAwareJITStubRoutine.cpp:
(JSC::MarkingGCAwareJITStubRoutine::MarkingGCAwareJITStubRoutine):
(JSC::MarkingGCAwareJITStubRoutine::visitWeakImpl):
(JSC::MarkingGCAwareJITStubRoutine::callLinkInfoAtImpl):
(JSC::GCAwareJITStubRoutineWithExceptionHandler::GCAwareJITStubRoutineWithExceptionHandler):
(JSC::createICJITStubRoutine):
* Source/JavaScriptCore/jit/GCAwareJITStubRoutine.h:
* Source/JavaScriptCore/jit/JITStubRoutine.cpp:
(JSC::JITStubRoutine::callLinkInfoAt):
* Source/JavaScriptCore/jit/JITStubRoutine.h:
(JSC::JITStubRoutine::callLinkInfoAtImpl):

Originally-landed-as: 272448.633 at safari-7618-branch (f25738c69a33). rdar://128077399
Canonical link: https://commits.webkit.org/278779@main



To unsubscribe from these emails, change your notification settings at https://github.com/WebKit/WebKit/settings/notifications

More information about the webkit-changes mailing list