[webkit-changes] [WebKit/WebKit] e9ced9: GC Wasm BBQ/OMG-OSR code
Keith Miller
noreply at github.com
Tue Oct 8 20:45:29 PDT 2024
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: e9ced931afc738c9413a26562ad2dd1d7fec4cd2
https://github.com/WebKit/WebKit/commit/e9ced931afc738c9413a26562ad2dd1d7fec4cd2
Author: Keith Miller <keith_miller at apple.com>
Date: 2024-10-08 (Tue, 08 Oct 2024)
Changed paths:
M Source/JavaScriptCore/CMakeLists.txt
M Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj
M Source/JavaScriptCore/Sources.txt
M Source/JavaScriptCore/assembler/LinkBuffer.cpp
M Source/JavaScriptCore/bytecode/SuperSampler.cpp
M Source/JavaScriptCore/heap/ConservativeRoots.cpp
M Source/JavaScriptCore/heap/ConservativeRoots.h
M Source/JavaScriptCore/heap/Heap.cpp
M Source/JavaScriptCore/heap/Heap.h
M Source/JavaScriptCore/heap/HeapUtil.h
M Source/JavaScriptCore/interpreter/CallFrame.cpp
M Source/JavaScriptCore/interpreter/CalleeBits.h
M Source/JavaScriptCore/jit/AssemblyHelpers.h
M Source/JavaScriptCore/jit/ExecutableAllocator.cpp
M Source/JavaScriptCore/jit/ExecutableAllocator.h
M Source/JavaScriptCore/llint/LLIntSlowPaths.cpp
M Source/JavaScriptCore/llint/LLIntSlowPaths.h
M Source/JavaScriptCore/llint/WebAssembly.asm
M Source/JavaScriptCore/offlineasm/parser.rb
M Source/JavaScriptCore/runtime/NativeCallee.h
M Source/JavaScriptCore/runtime/Options.cpp
M Source/JavaScriptCore/runtime/OptionsList.h
M Source/JavaScriptCore/runtime/WeakGCMapInlines.h
M Source/JavaScriptCore/tools/VMInspector.h
M Source/JavaScriptCore/wasm/WasmBBQJIT.cpp
M Source/JavaScriptCore/wasm/WasmBBQJIT.h
M Source/JavaScriptCore/wasm/WasmBBQPlan.cpp
M Source/JavaScriptCore/wasm/WasmCallee.cpp
M Source/JavaScriptCore/wasm/WasmCallee.h
M Source/JavaScriptCore/wasm/WasmCalleeGroup.cpp
M Source/JavaScriptCore/wasm/WasmCalleeGroup.h
R Source/JavaScriptCore/wasm/WasmCallsiteCollection.cpp
R Source/JavaScriptCore/wasm/WasmCallsiteCollection.h
M Source/JavaScriptCore/wasm/WasmFormat.h
M Source/JavaScriptCore/wasm/WasmFunctionCodeBlockGenerator.h
M Source/JavaScriptCore/wasm/WasmFunctionIPIntMetadataGenerator.h
M Source/JavaScriptCore/wasm/WasmIPIntGenerator.cpp
M Source/JavaScriptCore/wasm/WasmIPIntSlowPaths.cpp
M Source/JavaScriptCore/wasm/WasmIPIntTierUpCounter.h
M Source/JavaScriptCore/wasm/WasmIndexOrName.cpp
M Source/JavaScriptCore/wasm/WasmIndexOrName.h
M Source/JavaScriptCore/wasm/WasmLLIntGenerator.cpp
M Source/JavaScriptCore/wasm/WasmLLIntTierUpCounter.cpp
M Source/JavaScriptCore/wasm/WasmLLIntTierUpCounter.h
M Source/JavaScriptCore/wasm/WasmModule.h
M Source/JavaScriptCore/wasm/WasmModuleInformation.h
M Source/JavaScriptCore/wasm/WasmOMGIRGenerator.cpp
M Source/JavaScriptCore/wasm/WasmOMGPlan.cpp
M Source/JavaScriptCore/wasm/WasmOSREntryData.h
M Source/JavaScriptCore/wasm/WasmOSREntryPlan.cpp
M Source/JavaScriptCore/wasm/WasmOperations.cpp
M Source/JavaScriptCore/wasm/WasmOperations.h
M Source/JavaScriptCore/wasm/WasmSlowPaths.cpp
M Source/JavaScriptCore/wasm/WasmSlowPaths.h
M Source/JavaScriptCore/wasm/WasmThunks.cpp
M Source/JavaScriptCore/wasm/WasmTierUpCount.cpp
M Source/JavaScriptCore/wasm/WasmTierUpCount.h
M Source/JavaScriptCore/wasm/js/JSToWasm.cpp
M Source/JavaScriptCore/wasm/js/JSToWasm.h
M Source/WTF/WTF.xcodeproj/project.pbxproj
M Source/WTF/wtf/CMakeLists.txt
M Source/WTF/wtf/FixedBitVector.h
M Source/WTF/wtf/HashSet.h
M Source/WTF/wtf/HashTable.h
M Source/WTF/wtf/Lock.h
A Source/WTF/wtf/ScopedPrintStream.h
A Source/WTF/wtf/TaggedPtr.h
M Source/WTF/wtf/ThreadSafeWeakPtr.h
M Tools/Scripts/run-jsc-stress-tests
Log Message:
-----------
GC Wasm BBQ/OMG-OSR code
https://bugs.webkit.org/show_bug.cgi?id=280896
rdar://131411963
Reviewed by Yusuke Suzuki and David Degazio.
This patch enables GCing BBQ/OMG-OSR code. We don't reclaim OMG code
as it's the highest tier so there's nothing to replace it or LLInt/IPInt
because LLInt is on its way out and it's not clear how profitable it will
be to GC IPInt code.
To make this work a couple significant changes had to be made:
* NativeCallees are now ThreadSafeRefCountedAndCanMakeThreadSafeWeakPtr so CalleeGroup can retain weak references to them.
* When doing updateCallsitesToCallUs we get the callsites from Wasm::JITCallees directly rather than from anywhere else.
In order to quickly find the potential callees we record a FixedBitVector of the FunctionCodeIndices that could have
a direct asm callsite to us. This also makes CallsiteCollection obsolete thus is removed in this patch.
* CalleeGroup now holds ThreadSafeWeakOrStrongPtr to BBQCallees and a HashMap of ThreadSafeWeakPtrs to OSREntryCallees.
When the BBQCallee is the current highest tier the BBQCallee is retained as a strong reference. Once OMG code is compiled
that reference is made weak. This allows us to continue to update the outgoing calls of this callee while it is still reachable.
If we didn't do this then we could fail to update the callsite and be left with a dangling "pointer" to other code that's
already been collected.
* Once a Wasm::Callee is ready to be released we iterate all the VMs in the process and give them a copy of the Callee. If they
don't see it on a stack scan it can be released as that VM isn't referencing it.
* ConservativeRoots now knows that it needs to also look for boxed Wasm::Callees on the stack. In order to avoid potentially
regressing performance when not running wasm the stack scan is now templated on whether or not to look for boxed Wasm::Callees
on the stack.
There are a few other additions in WTF:
* `HashMap::takeIf`: Returns a Vector of the things the Invocable returns true on.
* `TaggedPtr`: Which makes it easy to embed data into pointers. There are two tagging modes for now:
1) `NoTaggingTraits`: Doesn't do tagging.
2) `EnumTaggingTraits`: tags with the members of a specific enum.
* `ThreadSafeWeakOrStrongPtr`: Similar to WeakOrStrongPtr but for ThreadSafeRefCountedAndCanMakeThreadSafeWeakPtr.
* Source/JavaScriptCore/assembler/LinkBuffer.cpp:
(JSC::LinkBuffer::finalizeCodeWithDisassemblyImpl):
* Source/JavaScriptCore/bytecode/SuperSampler.cpp:
(JSC::initializeSuperSampler):
* Source/JavaScriptCore/heap/ConservativeRoots.cpp:
(JSC::ConservativeRoots::ConservativeRoots):
(JSC::ConservativeRoots::~ConservativeRoots):
(JSC::ConservativeRoots::genericAddPointer):
(JSC::ConservativeRoots::genericAddSpan):
* Source/JavaScriptCore/heap/ConservativeRoots.h:
* Source/JavaScriptCore/heap/Heap.cpp:
(JSC::Heap::addCoreConstraints):
(JSC::Heap::reportWasmCalleePendingDestruction):
(JSC::Heap::isWasmCalleePendingDestruction):
* Source/JavaScriptCore/heap/Heap.h:
* Source/JavaScriptCore/heap/HeapUtil.h:
(JSC::HeapUtil::findGCObjectPointersForMarking): Deleted.
* Source/JavaScriptCore/interpreter/CallFrame.cpp:
(JSC::CallFrame::dump const):
* Source/JavaScriptCore/interpreter/CalleeBits.h:
(JSC::CalleeBits::boxNativeCallee):
* Source/JavaScriptCore/jit/ExecutableAllocator.cpp:
(JSC::ExecutableMemoryHandle::~ExecutableMemoryHandle):
* Source/JavaScriptCore/llint/LLIntSlowPaths.cpp:
(JSC::LLInt::logWasmPrologue): Deleted.
* Source/JavaScriptCore/llint/LLIntSlowPaths.h:
* Source/JavaScriptCore/runtime/NativeCallee.h:
* Source/JavaScriptCore/runtime/Options.cpp:
(JSC::Options::isAvailable):
* Source/JavaScriptCore/runtime/OptionsList.h:
* Source/JavaScriptCore/runtime/WeakGCMapInlines.h:
(JSC::KeyTraitsArg>::pruneStaleEntries):
* Source/JavaScriptCore/tools/VMInspector.h:
(JSC::VMInspector::WTF_REQUIRES_LOCK):
* Source/JavaScriptCore/wasm/WasmBBQJIT.cpp:
(JSC::Wasm::BBQJITImpl::BBQJIT::BBQJIT):
(JSC::Wasm::BBQJITImpl::BBQJIT::emitEntryTierUpCheck):
(JSC::Wasm::BBQJITImpl::BBQJIT::addTopLevel):
(JSC::Wasm::BBQJITImpl::BBQJIT::emitTailCall):
(JSC::Wasm::BBQJITImpl::BBQJIT::addCall):
(JSC::Wasm::BBQJITImpl::BBQJIT::takeDirectCallees):
(JSC::Wasm::parseAndCompileBBQ):
* Source/JavaScriptCore/wasm/WasmBBQJIT.h:
* Source/JavaScriptCore/wasm/WasmBBQPlan.cpp:
(JSC::Wasm::BBQPlan::work):
(JSC::Wasm::BBQPlan::compileFunction):
* Source/JavaScriptCore/wasm/WasmCallee.cpp:
(JSC::Wasm::Callee::Callee):
(JSC::Wasm::Callee::reportToVMsForDestruction):
(JSC::Wasm::JSEntrypointCallee::JSEntrypointCallee):
* Source/JavaScriptCore/wasm/WasmCallee.h:
* Source/JavaScriptCore/wasm/WasmCalleeGroup.cpp:
(JSC::Wasm::CalleeGroup::CalleeGroup):
(JSC::Wasm::CalleeGroup::tryGetBBQCalleeForLoopOSR):
(JSC::Wasm::CalleeGroup::releaseBBQCallee):
(JSC::Wasm::CalleeGroup::updateCallsitesToCallUs):
(JSC::Wasm::CalleeGroup::reportCallees):
(JSC::Wasm::CalleeGroup::calleeIsReferenced const):
* Source/JavaScriptCore/wasm/WasmCalleeGroup.h:
* Source/JavaScriptCore/wasm/WasmCallsiteCollection.cpp:
(JSC::Wasm::CallsiteCollection::addCalleeGroupCallsites):
(JSC::Wasm::CallsiteCollection::updateCallsitesToCallUs):
* Source/JavaScriptCore/wasm/WasmCallsiteCollection.h:
* Source/JavaScriptCore/wasm/WasmFormat.h:
* Source/JavaScriptCore/wasm/WasmFunctionCodeBlockGenerator.h:
(JSC::Wasm::FunctionCodeBlockGenerator::takeCallees):
* Source/JavaScriptCore/wasm/WasmFunctionIPIntMetadataGenerator.h:
(JSC::Wasm::FunctionIPIntMetadataGenerator::takeCallees):
* Source/JavaScriptCore/wasm/WasmIPIntGenerator.cpp:
(JSC::Wasm::IPIntGenerator::IPIntGenerator):
(JSC::Wasm::IPIntGenerator::addCall):
* Source/JavaScriptCore/wasm/WasmIPIntSlowPaths.cpp:
(JSC::IPInt::jitCompileAndSetHeuristics):
(JSC::IPInt::WASM_IPINT_EXTERN_CPP_DECL):
* Source/JavaScriptCore/wasm/WasmIPIntTierUpCounter.h:
(JSC::Wasm::IPIntTierUpCounter::WTF_REQUIRES_LOCK):
(JSC::Wasm::IPIntTierUpCounter::compilationStatus): Deleted.
(JSC::Wasm::IPIntTierUpCounter::setCompilationStatus): Deleted.
(JSC::Wasm::IPIntTierUpCounter::loopCompilationStatus): Deleted.
(JSC::Wasm::IPIntTierUpCounter::setLoopCompilationStatus): Deleted.
* Source/JavaScriptCore/wasm/WasmIndexOrName.cpp:
(JSC::Wasm::IndexOrName::dump const):
* Source/JavaScriptCore/wasm/WasmIndexOrName.h:
* Source/JavaScriptCore/wasm/WasmLLIntGenerator.cpp:
(JSC::Wasm::LLIntGenerator::LLIntGenerator):
(JSC::Wasm::LLIntGenerator::addCall):
* Source/JavaScriptCore/wasm/WasmLLIntTierUpCounter.cpp:
(JSC::Wasm::LLIntTierUpCounter::reset):
(JSC::Wasm::LLIntTierUpCounter::addOSREntryDataForLoop): Deleted.
* Source/JavaScriptCore/wasm/WasmLLIntTierUpCounter.h:
(JSC::Wasm::LLIntTierUpCounter::WTF_REQUIRES_LOCK):
(JSC::Wasm::LLIntTierUpCounter::compilationStatus): Deleted.
(JSC::Wasm::LLIntTierUpCounter::setCompilationStatus): Deleted.
(JSC::Wasm::LLIntTierUpCounter::loopCompilationStatus): Deleted.
(JSC::Wasm::LLIntTierUpCounter::setLoopCompilationStatus): Deleted.
* Source/JavaScriptCore/wasm/WasmModule.h:
* Source/JavaScriptCore/wasm/WasmModuleInformation.h:
* Source/JavaScriptCore/wasm/WasmOMGIRGenerator.cpp:
(JSC::Wasm::OMGIRGenerator::OMGIRGenerator):
(JSC::Wasm::OMGIRGenerator::addCall):
(JSC::Wasm::parseAndCompileOMG):
* Source/JavaScriptCore/wasm/WasmOMGIRGenerator32_64.cpp:
(JSC::Wasm::parseAndCompileOMG):
* Source/JavaScriptCore/wasm/WasmOMGPlan.cpp:
(JSC::Wasm::OMGPlan::dumpDisassembly):
(JSC::Wasm::OMGPlan::work):
* Source/JavaScriptCore/wasm/WasmOSREntryData.h:
(JSC::Wasm::OSREntryData::OSREntryData):
(JSC::Wasm::OSREntryData::functionIndex const):
* Source/JavaScriptCore/wasm/WasmOSREntryPlan.cpp:
(JSC::Wasm::OSREntryPlan::dumpDisassembly):
(JSC::Wasm::OSREntryPlan::work):
* Source/JavaScriptCore/wasm/WasmOperations.cpp:
(JSC::Wasm::JSC_DEFINE_NOEXCEPT_JIT_OPERATION):
* Source/JavaScriptCore/wasm/WasmOperations.h:
* Source/JavaScriptCore/wasm/WasmSlowPaths.cpp:
(JSC::LLInt::jitCompileAndSetHeuristics):
(JSC::LLInt::WASM_SLOW_PATH_DECL):
(JSC::LLInt::logWasmPrologue):
* Source/JavaScriptCore/wasm/WasmSlowPaths.h:
* Source/JavaScriptCore/wasm/WasmThunks.cpp:
(JSC::Wasm::triggerOMGEntryTierUpThunkGeneratorImpl):
* Source/JavaScriptCore/wasm/WasmTierUpCount.cpp:
(JSC::Wasm::TierUpCount::addOSREntryData):
* Source/JavaScriptCore/wasm/WasmTierUpCount.h:
(JSC::Wasm::TierUpCount::optimizeAfterWarmUp):
(JSC::Wasm::TierUpCount::dontOptimizeAnytimeSoon):
(JSC::Wasm::TierUpCount::optimizeNextInvocation):
(JSC::Wasm::TierUpCount::optimizeSoon):
(JSC::Wasm::TierUpCount::setOptimizationThresholdBasedOnCompilationResult):
* Source/JavaScriptCore/wasm/WasmWorklist.cpp:
* Source/JavaScriptCore/wasm/js/JSToWasm.cpp:
(JSC::Wasm::FunctionSignature::jsToWasmICEntrypoint const):
* Source/JavaScriptCore/wasm/js/JSToWasm.h:
* Source/WTF/WTF.xcodeproj/project.pbxproj:
* Source/WTF/wtf/FixedBitVector.h:
(WTF::FixedBitVector::merge):
(WTF::FixedBitVector::filter):
(WTF::FixedBitVector::exclude):
* Source/WTF/wtf/HashSet.h:
* Source/WTF/wtf/HashTable.h:
(WTF::KeyTraits>::removeIf):
(WTF::KeyTraits>::takeIf):
* Source/WTF/wtf/Lock.h:
* Source/WTF/wtf/ScopedPrintStream.h: Copied from Source/JavaScriptCore/wasm/js/JSToWasm.h.
* Source/WTF/wtf/TaggedPtr.h: Added.
(WTF::TaggedPtr::TaggedPtr):
(WTF::TaggedPtr::tag const):
(WTF::TaggedPtr::ptr const):
(WTF::TaggedPtr::ptr):
(WTF::TaggedPtr::set):
(WTF::TaggedPtr::setTag):
(WTF::TaggedPtr::operator=):
(WTF::static_cast<Enum>):
(WTF::NoTaggingTraits::encode):
(WTF::NoTaggingTraits::extractPtr):
(WTF::NoTaggingTraits::extractTag):
* Source/WTF/wtf/ThreadSafeWeakPtr.h:
(WTF::ThreadSafeWeakPtrControlBlock::refCount const):
(WTF::ThreadSafeRefCountedAndCanMakeThreadSafeWeakPtr::refCount const):
(WTF::ThreadSafeWeakOrStrongPtr::status const):
(WTF::ThreadSafeWeakOrStrongPtr::isWeak const):
(WTF::ThreadSafeWeakOrStrongPtr::isStrong const):
(WTF::ThreadSafeWeakOrStrongPtr::get const):
(WTF::ThreadSafeWeakOrStrongPtr::ptr const):
(WTF::ThreadSafeWeakOrStrongPtr::convertToWeak):
(WTF::ThreadSafeWeakOrStrongPtr::tryConvertToStrong):
(WTF::ThreadSafeWeakOrStrongPtr::operator=):
(WTF::ThreadSafeWeakOrStrongPtr::ThreadSafeWeakOrStrongPtr):
(WTF::ThreadSafeWeakOrStrongPtr::~ThreadSafeWeakOrStrongPtr):
(WTF::ThreadSafeWeakPtr::ThreadSafeWeakPtr): Deleted.
(WTF::ThreadSafeWeakPtr::operator=): Deleted.
(WTF::ThreadSafeWeakPtr::get const): Deleted.
(WTF::ThreadSafeWeakPtr::controlBlock): Deleted.
* Tools/Scripts/run-jsc-stress-tests:
Canonical link: https://commits.webkit.org/284867@main
To unsubscribe from these emails, change your notification settings at https://github.com/WebKit/WebKit/settings/notifications
More information about the webkit-changes
mailing list