<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>[191003] trunk/Source/JavaScriptCore</title>
</head>
<body>
<style type="text/css"><!--
#msg dl.meta { border: 1px #006 solid; background: #369; padding: 6px; color: #fff; }
#msg dl.meta dt { float: left; width: 6em; font-weight: bold; }
#msg dt:after { content:':';}
#msg dl, #msg dt, #msg ul, #msg li, #header, #footer, #logmsg { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; }
#msg dl a { font-weight: bold}
#msg dl a:link { color:#fc3; }
#msg dl a:active { color:#ff0; }
#msg dl a:visited { color:#cc6; }
h3 { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; font-weight: bold; }
#msg pre { overflow: auto; background: #ffc; border: 1px #fa0 solid; padding: 6px; }
#logmsg { background: #ffc; border: 1px #fa0 solid; padding: 1em 1em 0 1em; }
#logmsg p, #logmsg pre, #logmsg blockquote { margin: 0 0 1em 0; }
#logmsg p, #logmsg li, #logmsg dt, #logmsg dd { line-height: 14pt; }
#logmsg h1, #logmsg h2, #logmsg h3, #logmsg h4, #logmsg h5, #logmsg h6 { margin: .5em 0; }
#logmsg h1:first-child, #logmsg h2:first-child, #logmsg h3:first-child, #logmsg h4:first-child, #logmsg h5:first-child, #logmsg h6:first-child { margin-top: 0; }
#logmsg ul, #logmsg ol { padding: 0; list-style-position: inside; margin: 0 0 0 1em; }
#logmsg ul { text-indent: -1em; padding-left: 1em; }#logmsg ol { text-indent: -1.5em; padding-left: 1.5em; }
#logmsg > ul, #logmsg > ol { margin: 0 0 1em 0; }
#logmsg pre { background: #eee; padding: 1em; }
#logmsg blockquote { border: 1px solid #fa0; border-left-width: 10px; padding: 1em 1em 0 1em; background: white;}
#logmsg dl { margin: 0; }
#logmsg dt { font-weight: bold; }
#logmsg dd { margin: 0; padding: 0 0 0.5em 0; }
#logmsg dd:before { content:'\00bb';}
#logmsg table { border-spacing: 0px; border-collapse: collapse; border-top: 4px solid #fa0; border-bottom: 1px solid #fa0; background: #fff; }
#logmsg table th { text-align: left; font-weight: normal; padding: 0.2em 0.5em; border-top: 1px dotted #fa0; }
#logmsg table td { text-align: right; border-top: 1px dotted #fa0; padding: 0.2em 0.5em; }
#logmsg table thead th { text-align: center; border-bottom: 1px solid #fa0; }
#logmsg table th.Corner { text-align: left; }
#logmsg hr { border: none 0; border-top: 2px dashed #fa0; height: 1px; }
#header, #footer { color: #fff; background: #636; border: 1px #300 solid; padding: 6px; }
#patch { width: 100%; }
#patch h4 {font-family: verdana,arial,helvetica,sans-serif;font-size:10pt;padding:8px;background:#369;color:#fff;margin:0;}
#patch .propset h4, #patch .binary h4 {margin:0;}
#patch pre {padding:0;line-height:1.2em;margin:0;}
#patch .diff {width:100%;background:#eee;padding: 0 0 10px 0;overflow:auto;}
#patch .propset .diff, #patch .binary .diff {padding:10px 0;}
#patch span {display:block;padding:0 10px;}
#patch .modfile, #patch .addfile, #patch .delfile, #patch .propset, #patch .binary, #patch .copfile {border:1px solid #ccc;margin:10px 0;}
#patch ins {background:#dfd;text-decoration:none;display:block;padding:0 10px;}
#patch del {background:#fdd;text-decoration:none;display:block;padding:0 10px;}
#patch .lines, .info {color:#888;background:#fff;}
--></style>
<div id="msg">
<dl class="meta">
<dt>Revision</dt> <dd><a href="http://trac.webkit.org/projects/webkit/changeset/191003">191003</a></dd>
<dt>Author</dt> <dd>ggaren@apple.com</dd>
<dt>Date</dt> <dd>2015-10-13 13:08:54 -0700 (Tue, 13 Oct 2015)</dd>
</dl>
<h3>Log Message</h3>
<pre>CodeBlock write barriers should be precise
https://bugs.webkit.org/show_bug.cgi?id=150042
Reviewed by Saam Barati.
CodeBlock performs lots of unnecessary write barriers. This wastes
performance and makes the code a bit harder to follow, and it might mask
important bugs. Now is a good time to unmask important bugs.
* bytecode/CodeBlock.h:
(JSC::CodeBlockSet::mark): Don't write barrier all CodeBlocks on the
stack. Only CodeBlocks that do value profiling need write barriers, and
they do those themselves.
In steady state, when most of our CodeBlocks are old and FTL-compiled,
and we're doing eden GC's, we should almost never visit a CodeBlock.
* dfg/DFGOSRExitCompilerCommon.cpp:
(JSC::DFG::osrWriteBarrier):
(JSC::DFG::adjustAndJumpToTarget): Don't write barrier all inlined
CodeBlocks on exit. That's not necessary. Instead, write barrier the
CodeBlock(s) we will exit to, along with the one we will write a value
profile to.</pre>
<h3>Modified Paths</h3>
<ul>
<li><a href="#trunkSourceJavaScriptCoreChangeLog">trunk/Source/JavaScriptCore/ChangeLog</a></li>
<li><a href="#trunkSourceJavaScriptCorebytecodeCodeBlockh">trunk/Source/JavaScriptCore/bytecode/CodeBlock.h</a></li>
<li><a href="#trunkSourceJavaScriptCoredfgDFGOSRExitCompilerCommoncpp">trunk/Source/JavaScriptCore/dfg/DFGOSRExitCompilerCommon.cpp</a></li>
</ul>
</div>
<div id="patch">
<h3>Diff</h3>
<a id="trunkSourceJavaScriptCoreChangeLog"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/ChangeLog (191002 => 191003)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/ChangeLog 2015-10-13 19:15:55 UTC (rev 191002)
+++ trunk/Source/JavaScriptCore/ChangeLog 2015-10-13 20:08:54 UTC (rev 191003)
</span><span class="lines">@@ -1,3 +1,29 @@
</span><ins>+2015-10-12 Geoffrey Garen <ggaren@apple.com>
+
+ CodeBlock write barriers should be precise
+ https://bugs.webkit.org/show_bug.cgi?id=150042
+
+ Reviewed by Saam Barati.
+
+ CodeBlock performs lots of unnecessary write barriers. This wastes
+ performance and makes the code a bit harder to follow, and it might mask
+ important bugs. Now is a good time to unmask important bugs.
+
+ * bytecode/CodeBlock.h:
+ (JSC::CodeBlockSet::mark): Don't write barrier all CodeBlocks on the
+ stack. Only CodeBlocks that do value profiling need write barriers, and
+ they do those themselves.
+
+ In steady state, when most of our CodeBlocks are old and FTL-compiled,
+ and we're doing eden GC's, we should almost never visit a CodeBlock.
+
+ * dfg/DFGOSRExitCompilerCommon.cpp:
+ (JSC::DFG::osrWriteBarrier):
+ (JSC::DFG::adjustAndJumpToTarget): Don't write barrier all inlined
+ CodeBlocks on exit. That's not necessary. Instead, write barrier the
+ CodeBlock(s) we will exit to, along with the one we will write a value
+ profile to.
+
</ins><span class="cx"> 2015-10-13 Yusuke Suzuki <utatane.tea@gmail.com>
</span><span class="cx">
</span><span class="cx"> REGRESSION: ASSERT (impl->isAtomic()) @ facebook.com
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorebytecodeCodeBlockh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/bytecode/CodeBlock.h (191002 => 191003)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/bytecode/CodeBlock.h 2015-10-13 19:15:55 UTC (rev 191002)
+++ trunk/Source/JavaScriptCore/bytecode/CodeBlock.h 2015-10-13 20:08:54 UTC (rev 191003)
</span><span class="lines">@@ -1376,11 +1376,6 @@
</span><span class="cx"> if (!codeBlock)
</span><span class="cx"> return;
</span><span class="cx">
</span><del>- // Try to recover gracefully if we forget to execute a barrier for a
- // CodeBlock that does value profiling. This is probably overkill, but we
- // have always done it.
- Heap::heap(codeBlock)->writeBarrier(codeBlock);
-
</del><span class="cx"> m_currentlyExecuting.add(codeBlock);
</span><span class="cx"> }
</span><span class="cx">
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoredfgDFGOSRExitCompilerCommoncpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/dfg/DFGOSRExitCompilerCommon.cpp (191002 => 191003)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/dfg/DFGOSRExitCompilerCommon.cpp 2015-10-13 19:15:55 UTC (rev 191002)
+++ trunk/Source/JavaScriptCore/dfg/DFGOSRExitCompilerCommon.cpp 2015-10-13 20:08:54 UTC (rev 191003)
</span><span class="lines">@@ -266,30 +266,31 @@
</span><span class="cx"> ownerIsRememberedOrInEden.link(&jit);
</span><span class="cx"> }
</span><span class="cx">
</span><del>-void adjustAndJumpToTarget(CCallHelpers& jit, const OSRExitBase& exit, bool isExitingToOpCatch)
</del><ins>+static void osrWriteBarrier(CCallHelpers& jit, const OSRExitBase& exit)
</ins><span class="cx"> {
</span><del>- jit.move(
- AssemblyHelpers::TrustedImmPtr(
- jit.codeBlock()->baselineAlternative()), GPRInfo::argumentGPR1);
- osrWriteBarrier(jit, GPRInfo::argumentGPR1, GPRInfo::nonArgGPR0);
</del><ins>+ HashSet<CodeBlock*> codeBlocksToWriteBarrier;
</ins><span class="cx">
</span><del>- // We barrier all inlined frames -- and not just the current inline stack --
- // because we don't know which inlined function owns the value profile that
- // we'll update when we exit. In the case of "f() { a(); b(); }", if both
- // a and b are inlined, we might exit inside b due to a bad value loaded
- // from a.
- // FIXME: MethodOfGettingAValueProfile should remember which CodeBlock owns
- // the value profile.
- InlineCallFrameSet* inlineCallFrames = jit.codeBlock()->jitCode()->dfgCommon()->inlineCallFrames.get();
- if (inlineCallFrames) {
- for (InlineCallFrame* inlineCallFrame : *inlineCallFrames) {
- jit.move(
- AssemblyHelpers::TrustedImmPtr(
- inlineCallFrame->baselineCodeBlock.get()), GPRInfo::argumentGPR1);
- osrWriteBarrier(jit, GPRInfo::argumentGPR1, GPRInfo::nonArgGPR0);
- }
</del><ins>+ // Note that the value profiling CodeBlock and the baseline CodeBlock might
+ // not be equal. In "f() { a(); b(); }", if both 'a' and 'b' are inlined,
+ // we might exit to 'b' due to a bad value loaded from 'a'.
+ codeBlocksToWriteBarrier.add(jit.baselineCodeBlockFor(exit.m_codeOriginForExitProfile));
+
+ codeBlocksToWriteBarrier.add(jit.codeBlock()->baselineAlternative());
+
+ for (InlineCallFrame* inlineCallFrame = exit.m_codeOrigin.inlineCallFrame; inlineCallFrame; inlineCallFrame = inlineCallFrame->directCaller.inlineCallFrame)
+ codeBlocksToWriteBarrier.add(inlineCallFrame->baselineCodeBlock.get());
+
+ for (CodeBlock* codeBlock : codeBlocksToWriteBarrier) {
+ jit.move(
+ AssemblyHelpers::TrustedImmPtr(codeBlock), GPRInfo::argumentGPR1);
+ osrWriteBarrier(jit, GPRInfo::argumentGPR1, GPRInfo::nonArgGPR0);
</ins><span class="cx"> }
</span><ins>+}
</ins><span class="cx">
</span><ins>+void adjustAndJumpToTarget(CCallHelpers& jit, const OSRExitBase& exit, bool isExitingToOpCatch)
+{
+ osrWriteBarrier(jit, exit);
+
</ins><span class="cx"> if (exit.m_codeOrigin.inlineCallFrame)
</span><span class="cx"> jit.addPtr(AssemblyHelpers::TrustedImm32(exit.m_codeOrigin.inlineCallFrame->stackOffset * sizeof(EncodedJSValue)), GPRInfo::callFrameRegister);
</span><span class="cx">
</span></span></pre>
</div>
</div>
</body>
</html>