<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>[210565] trunk/Source/JavaScriptCore</title>
</head>
<body>
<style type="text/css"><!--
#msg dl.meta { border: 1px #006 solid; background: #369; padding: 6px; color: #fff; }
#msg dl.meta dt { float: left; width: 6em; font-weight: bold; }
#msg dt:after { content:':';}
#msg dl, #msg dt, #msg ul, #msg li, #header, #footer, #logmsg { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; }
#msg dl a { font-weight: bold}
#msg dl a:link { color:#fc3; }
#msg dl a:active { color:#ff0; }
#msg dl a:visited { color:#cc6; }
h3 { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; font-weight: bold; }
#msg pre { overflow: auto; background: #ffc; border: 1px #fa0 solid; padding: 6px; }
#logmsg { background: #ffc; border: 1px #fa0 solid; padding: 1em 1em 0 1em; }
#logmsg p, #logmsg pre, #logmsg blockquote { margin: 0 0 1em 0; }
#logmsg p, #logmsg li, #logmsg dt, #logmsg dd { line-height: 14pt; }
#logmsg h1, #logmsg h2, #logmsg h3, #logmsg h4, #logmsg h5, #logmsg h6 { margin: .5em 0; }
#logmsg h1:first-child, #logmsg h2:first-child, #logmsg h3:first-child, #logmsg h4:first-child, #logmsg h5:first-child, #logmsg h6:first-child { margin-top: 0; }
#logmsg ul, #logmsg ol { padding: 0; list-style-position: inside; margin: 0 0 0 1em; }
#logmsg ul { text-indent: -1em; padding-left: 1em; }#logmsg ol { text-indent: -1.5em; padding-left: 1.5em; }
#logmsg > ul, #logmsg > ol { margin: 0 0 1em 0; }
#logmsg pre { background: #eee; padding: 1em; }
#logmsg blockquote { border: 1px solid #fa0; border-left-width: 10px; padding: 1em 1em 0 1em; background: white;}
#logmsg dl { margin: 0; }
#logmsg dt { font-weight: bold; }
#logmsg dd { margin: 0; padding: 0 0 0.5em 0; }
#logmsg dd:before { content:'\00bb';}
#logmsg table { border-spacing: 0px; border-collapse: collapse; border-top: 4px solid #fa0; border-bottom: 1px solid #fa0; background: #fff; }
#logmsg table th { text-align: left; font-weight: normal; padding: 0.2em 0.5em; border-top: 1px dotted #fa0; }
#logmsg table td { text-align: right; border-top: 1px dotted #fa0; padding: 0.2em 0.5em; }
#logmsg table thead th { text-align: center; border-bottom: 1px solid #fa0; }
#logmsg table th.Corner { text-align: left; }
#logmsg hr { border: none 0; border-top: 2px dashed #fa0; height: 1px; }
#header, #footer { color: #fff; background: #636; border: 1px #300 solid; padding: 6px; }
#patch { width: 100%; }
#patch h4 {font-family: verdana,arial,helvetica,sans-serif;font-size:10pt;padding:8px;background:#369;color:#fff;margin:0;}
#patch .propset h4, #patch .binary h4 {margin:0;}
#patch pre {padding:0;line-height:1.2em;margin:0;}
#patch .diff {width:100%;background:#eee;padding: 0 0 10px 0;overflow:auto;}
#patch .propset .diff, #patch .binary .diff {padding:10px 0;}
#patch span {display:block;padding:0 10px;}
#patch .modfile, #patch .addfile, #patch .delfile, #patch .propset, #patch .binary, #patch .copfile {border:1px solid #ccc;margin:10px 0;}
#patch ins {background:#dfd;text-decoration:none;display:block;padding:0 10px;}
#patch del {background:#fdd;text-decoration:none;display:block;padding:0 10px;}
#patch .lines, .info {color:#888;background:#fff;}
--></style>
<div id="msg">
<dl class="meta">
<dt>Revision</dt> <dd><a href="http://trac.webkit.org/projects/webkit/changeset/210565">210565</a></dd>
<dt>Author</dt> <dd>fpizlo@apple.com</dd>
<dt>Date</dt> <dd>2017-01-10 15:41:55 -0800 (Tue, 10 Jan 2017)</dd>
</dl>
<h3>Log Message</h3>
<pre>Streamline the GC barrier slowpath
https://bugs.webkit.org/show_bug.cgi?id=166878
Reviewed by Geoffrey Garen and Saam Barati.
This implements two optimizations to the barrier:
- Removes the write barrier buffer. This was just overhead.
- Teaches the slow path how to white an object that was black but unmarked, ensuring that
we don't take slow path for this object again.
* JavaScriptCore.xcodeproj/project.pbxproj:
* dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compileStoreBarrier):
* ftl/FTLLowerDFGToB3.cpp:
(JSC::FTL::DFG::LowerDFGToB3::emitStoreBarrier):
* heap/CellState.h:
* heap/Heap.cpp:
(JSC::Heap::Heap):
(JSC::Heap::markToFixpoint):
(JSC::Heap::addToRememberedSet):
(JSC::Heap::stopTheWorld):
(JSC::Heap::writeBarrierSlowPath):
(JSC::Heap::buildConstraintSet):
(JSC::Heap::flushWriteBarrierBuffer): Deleted.
* heap/Heap.h:
(JSC::Heap::writeBarrierBuffer): Deleted.
* heap/SlotVisitor.cpp:
(JSC::SlotVisitor::appendJSCellOrAuxiliary):
(JSC::SlotVisitor::setMarkedAndAppendToMarkStack):
(JSC::SlotVisitor::appendToMarkStack):
(JSC::SlotVisitor::visitChildren):
* heap/WriteBarrierBuffer.cpp: Removed.
* heap/WriteBarrierBuffer.h: Removed.
* jit/JITOperations.cpp:
* jit/JITOperations.h:
* runtime/JSCellInlines.h:
(JSC::JSCell::JSCell):
* runtime/StructureIDBlob.h:
(JSC::StructureIDBlob::StructureIDBlob):</pre>
<h3>Modified Paths</h3>
<ul>
<li><a href="#trunkSourceJavaScriptCoreCMakeListstxt">trunk/Source/JavaScriptCore/CMakeLists.txt</a></li>
<li><a href="#trunkSourceJavaScriptCoreChangeLog">trunk/Source/JavaScriptCore/ChangeLog</a></li>
<li><a href="#trunkSourceJavaScriptCoreJavaScriptCorexcodeprojprojectpbxproj">trunk/Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj</a></li>
<li><a href="#trunkSourceJavaScriptCoredfgDFGSpeculativeJITcpp">trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreftlFTLLowerDFGToB3cpp">trunk/Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreheapCellStateh">trunk/Source/JavaScriptCore/heap/CellState.h</a></li>
<li><a href="#trunkSourceJavaScriptCoreheapHeapcpp">trunk/Source/JavaScriptCore/heap/Heap.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreheapHeaph">trunk/Source/JavaScriptCore/heap/Heap.h</a></li>
<li><a href="#trunkSourceJavaScriptCoreheapSlotVisitorcpp">trunk/Source/JavaScriptCore/heap/SlotVisitor.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCorejitJITOperationscpp">trunk/Source/JavaScriptCore/jit/JITOperations.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCorejitJITOperationsh">trunk/Source/JavaScriptCore/jit/JITOperations.h</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeJSCellInlinesh">trunk/Source/JavaScriptCore/runtime/JSCellInlines.h</a></li>
<li><a href="#trunkSourceJavaScriptCoreruntimeStructureIDBlobh">trunk/Source/JavaScriptCore/runtime/StructureIDBlob.h</a></li>
</ul>
<h3>Removed Paths</h3>
<ul>
<li><a href="#trunkSourceJavaScriptCoreheapWriteBarrierBuffercpp">trunk/Source/JavaScriptCore/heap/WriteBarrierBuffer.cpp</a></li>
<li><a href="#trunkSourceJavaScriptCoreheapWriteBarrierBufferh">trunk/Source/JavaScriptCore/heap/WriteBarrierBuffer.h</a></li>
</ul>
</div>
<div id="patch">
<h3>Diff</h3>
<a id="trunkSourceJavaScriptCoreCMakeListstxt"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/CMakeLists.txt (210564 => 210565)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/CMakeLists.txt        2017-01-10 23:34:51 UTC (rev 210564)
+++ trunk/Source/JavaScriptCore/CMakeLists.txt        2017-01-10 23:41:55 UTC (rev 210565)
</span><span class="lines">@@ -510,7 +510,6 @@
</span><span class="cx"> heap/WeakBlock.cpp
</span><span class="cx"> heap/WeakHandleOwner.cpp
</span><span class="cx"> heap/WeakSet.cpp
</span><del>- heap/WriteBarrierBuffer.cpp
</del><span class="cx"> heap/WriteBarrierSupport.cpp
</span><span class="cx">
</span><span class="cx"> inspector/ConsoleMessage.cpp
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreChangeLog"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/ChangeLog (210564 => 210565)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/ChangeLog        2017-01-10 23:34:51 UTC (rev 210564)
+++ trunk/Source/JavaScriptCore/ChangeLog        2017-01-10 23:41:55 UTC (rev 210565)
</span><span class="lines">@@ -1,3 +1,47 @@
</span><ins>+2017-01-09 Filip Pizlo <fpizlo@apple.com>
+
+ Streamline the GC barrier slowpath
+ https://bugs.webkit.org/show_bug.cgi?id=166878
+
+ Reviewed by Geoffrey Garen and Saam Barati.
+
+ This implements two optimizations to the barrier:
+
+ - Removes the write barrier buffer. This was just overhead.
+
+ - Teaches the slow path how to white an object that was black but unmarked, ensuring that
+ we don't take slow path for this object again.
+
+ * JavaScriptCore.xcodeproj/project.pbxproj:
+ * dfg/DFGSpeculativeJIT.cpp:
+ (JSC::DFG::SpeculativeJIT::compileStoreBarrier):
+ * ftl/FTLLowerDFGToB3.cpp:
+ (JSC::FTL::DFG::LowerDFGToB3::emitStoreBarrier):
+ * heap/CellState.h:
+ * heap/Heap.cpp:
+ (JSC::Heap::Heap):
+ (JSC::Heap::markToFixpoint):
+ (JSC::Heap::addToRememberedSet):
+ (JSC::Heap::stopTheWorld):
+ (JSC::Heap::writeBarrierSlowPath):
+ (JSC::Heap::buildConstraintSet):
+ (JSC::Heap::flushWriteBarrierBuffer): Deleted.
+ * heap/Heap.h:
+ (JSC::Heap::writeBarrierBuffer): Deleted.
+ * heap/SlotVisitor.cpp:
+ (JSC::SlotVisitor::appendJSCellOrAuxiliary):
+ (JSC::SlotVisitor::setMarkedAndAppendToMarkStack):
+ (JSC::SlotVisitor::appendToMarkStack):
+ (JSC::SlotVisitor::visitChildren):
+ * heap/WriteBarrierBuffer.cpp: Removed.
+ * heap/WriteBarrierBuffer.h: Removed.
+ * jit/JITOperations.cpp:
+ * jit/JITOperations.h:
+ * runtime/JSCellInlines.h:
+ (JSC::JSCell::JSCell):
+ * runtime/StructureIDBlob.h:
+ (JSC::StructureIDBlob::StructureIDBlob):
+
</ins><span class="cx"> 2017-01-10 Mark Lam <mark.lam@apple.com>
</span><span class="cx">
</span><span class="cx"> Property setters should not be called for bound arguments list entries.
</span></span></pre></div>
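Review bot: The entry lists `heap/CellState.h:` with no description, although the patch renames all three `CellState` enumerators and changes what the grey state may mean during a full collection. Add a line for that file, and one noting that the FTL barrier no longer uses a lazy slow path, so the ChangeLog covers more than the two bullet points.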
<a id="trunkSourceJavaScriptCoreJavaScriptCorexcodeprojprojectpbxproj"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj (210564 => 210565)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj        2017-01-10 23:34:51 UTC (rev 210564)
+++ trunk/Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj        2017-01-10 23:41:55 UTC (rev 210565)
</span><span class="lines">@@ -1230,8 +1230,6 @@
</span><span class="cx">                 2A111246192FCE79005EE18D /* CustomGetterSetter.h in Headers */ = {isa = PBXBuildFile; fileRef = 2A111244192FCE79005EE18D /* CustomGetterSetter.h */; settings = {ATTRIBUTES = (Private, ); }; };
</span><span class="cx">                 2A48D1911772365B00C65A5F /* APICallbackFunction.h in Headers */ = {isa = PBXBuildFile; fileRef = C211B574176A224D000E2A23 /* APICallbackFunction.h */; };
</span><span class="cx">                 2A4BB7F318A41179008A0FCD /* JSManagedValueInternal.h in Headers */ = {isa = PBXBuildFile; fileRef = 2A4BB7F218A41179008A0FCD /* JSManagedValueInternal.h */; };
</span><del>-                2A4EC90B1860D6C20094F782 /* WriteBarrierBuffer.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 2A4EC9091860D6C20094F782 /* WriteBarrierBuffer.cpp */; };
-                2A4EC90C1860D6C20094F782 /* WriteBarrierBuffer.h in Headers */ = {isa = PBXBuildFile; fileRef = 2A4EC90A1860D6C20094F782 /* WriteBarrierBuffer.h */; settings = {ATTRIBUTES = (Private, ); }; };
</del><span class="cx">                 2A7A58EF1808A4C40020BDF7 /* DeferGC.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 2A7A58EE1808A4C40020BDF7 /* DeferGC.cpp */; };
</span><span class="cx">                 2A83638518D7D0EE0000EBCC /* EdenGCActivityCallback.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 2A83638318D7D0EE0000EBCC /* EdenGCActivityCallback.cpp */; };
</span><span class="cx">                 2A83638618D7D0EE0000EBCC /* EdenGCActivityCallback.h in Headers */ = {isa = PBXBuildFile; fileRef = 2A83638418D7D0EE0000EBCC /* EdenGCActivityCallback.h */; settings = {ATTRIBUTES = (Private, ); }; };
</span><span class="lines">@@ -3637,8 +3635,6 @@
</span><span class="cx">                 2A343F7418A1748B0039B085 /* GCSegmentedArray.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = GCSegmentedArray.h; sourceTree = "<group>"; };
</span><span class="cx">                 2A343F7718A1749D0039B085 /* GCSegmentedArrayInlines.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = GCSegmentedArrayInlines.h; sourceTree = "<group>"; };
</span><span class="cx">                 2A4BB7F218A41179008A0FCD /* JSManagedValueInternal.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = JSManagedValueInternal.h; sourceTree = "<group>"; };
</span><del>-                2A4EC9091860D6C20094F782 /* WriteBarrierBuffer.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = WriteBarrierBuffer.cpp; sourceTree = "<group>"; };
-                2A4EC90A1860D6C20094F782 /* WriteBarrierBuffer.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = WriteBarrierBuffer.h; sourceTree = "<group>"; };
</del><span class="cx">                 2A7A58EE1808A4C40020BDF7 /* DeferGC.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = DeferGC.cpp; sourceTree = "<group>"; };
</span><span class="cx">                 2A83638318D7D0EE0000EBCC /* EdenGCActivityCallback.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = EdenGCActivityCallback.cpp; sourceTree = "<group>"; };
</span><span class="cx">                 2A83638418D7D0EE0000EBCC /* EdenGCActivityCallback.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = EdenGCActivityCallback.h; sourceTree = "<group>"; };
</span><span class="lines">@@ -5814,8 +5810,6 @@
</span><span class="cx">                                 14E84F9B14EE1ACC00D6D5D4 /* WeakSet.cpp */,
</span><span class="cx">                                 14E84F9C14EE1ACC00D6D5D4 /* WeakSet.h */,
</span><span class="cx">                                 14150132154BB13F005D8C98 /* WeakSetInlines.h */,
</span><del>-                                2A4EC9091860D6C20094F782 /* WriteBarrierBuffer.cpp */,
-                                2A4EC90A1860D6C20094F782 /* WriteBarrierBuffer.h */,
</del><span class="cx">                                 0FC8150814043BCA00CFA603 /* WriteBarrierSupport.cpp */,
</span><span class="cx">                                 0FC8150914043BD200CFA603 /* WriteBarrierSupport.h */,
</span><span class="cx">                         );
</span><span class="lines">@@ -9102,7 +9096,6 @@
</span><span class="cx">                                 ADBC54D51DF8EA2B005BF738 /* WebAssemblyToJSCallee.h in Headers */,
</span><span class="cx">                                 BC18C47A0E16F5CD00B34460 /* WebKitAvailability.h in Headers */,
</span><span class="cx">                                 A7DCB97312E5193F00911940 /* WriteBarrier.h in Headers */,
</span><del>-                                2A4EC90C1860D6C20094F782 /* WriteBarrierBuffer.h in Headers */,
</del><span class="cx">                                 C2B6D75318A33793004A9301 /* WriteBarrierInlines.h in Headers */,
</span><span class="cx">                                 0FC8150A14043BF500CFA603 /* WriteBarrierSupport.h in Headers */,
</span><span class="cx">                                 9688CB160ED12B4E001D649F /* X86Assembler.h in Headers */,
</span><span class="lines">@@ -10493,7 +10486,6 @@
</span><span class="cx">                                 AD2FCBFC1DB58DAD00B3E736 /* WebAssemblyTableConstructor.cpp in Sources */,
</span><span class="cx">                                 AD2FCBFE1DB58DAD00B3E736 /* WebAssemblyTablePrototype.cpp in Sources */,
</span><span class="cx">                                 ADBC54D41DF8EA2B005BF738 /* WebAssemblyToJSCallee.cpp in Sources */,
</span><del>-                                2A4EC90B1860D6C20094F782 /* WriteBarrierBuffer.cpp in Sources */,
</del><span class="cx">                                 0FC8150B14043C0E00CFA603 /* WriteBarrierSupport.cpp in Sources */,
</span><span class="cx">                                 A7E5AB3A1799E4B200D2833D /* X86Disassembler.cpp in Sources */,
</span><span class="cx">                                 863C6D9C1521111A00585E4E /* YarrCanonicalizeUCS2.cpp in Sources */,
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoredfgDFGSpeculativeJITcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp (210564 => 210565)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp        2017-01-10 23:34:51 UTC (rev 210564)
+++ trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp        2017-01-10 23:41:55 UTC (rev 210565)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> /*
</span><del>- * Copyright (C) 2011-2016 Apple Inc. All rights reserved.
</del><ins>+ * Copyright (C) 2011-2017 Apple Inc. All rights reserved.
</ins><span class="cx"> *
</span><span class="cx"> * Redistribution and use in source and binary forms, with or without
</span><span class="cx"> * modification, are permitted provided that the following conditions
</span><span class="lines">@@ -60,7 +60,6 @@
</span><span class="cx"> #include "RegExpConstructor.h"
</span><span class="cx"> #include "ScopedArguments.h"
</span><span class="cx"> #include "ScratchRegisterAllocator.h"
</span><del>-#include "WriteBarrierBuffer.h"
</del><span class="cx"> #include <wtf/BitVector.h>
</span><span class="cx"> #include <wtf/Box.h>
</span><span class="cx"> #include <wtf/MathExtras.h>
</span><span class="lines">@@ -8905,11 +8904,9 @@
</span><span class="cx">
</span><span class="cx"> SpeculateCellOperand base(this, node->child1());
</span><span class="cx"> GPRTemporary scratch1(this);
</span><del>- GPRTemporary scratch2(this);
</del><span class="cx">
</span><span class="cx"> GPRReg baseGPR = base.gpr();
</span><span class="cx"> GPRReg scratch1GPR = scratch1.gpr();
</span><del>- GPRReg scratch2GPR = scratch2.gpr();
</del><span class="cx">
</span><span class="cx"> JITCompiler::JumpList ok;
</span><span class="cx">
</span><span class="lines">@@ -8923,22 +8920,8 @@
</span><span class="cx"> } else
</span><span class="cx"> ok.append(m_jit.barrierBranchWithoutFence(baseGPR));
</span><span class="cx">
</span><del>- WriteBarrierBuffer& writeBarrierBuffer = m_jit.vm()->heap.m_writeBarrierBuffer;
- m_jit.load32(writeBarrierBuffer.currentIndexAddress(), scratch2GPR);
- JITCompiler::Jump needToFlush = m_jit.branch32(MacroAssembler::AboveOrEqual, scratch2GPR, MacroAssembler::TrustedImm32(writeBarrierBuffer.capacity()));
-
- m_jit.add32(TrustedImm32(1), scratch2GPR);
- m_jit.store32(scratch2GPR, writeBarrierBuffer.currentIndexAddress());
-
- m_jit.move(TrustedImmPtr(writeBarrierBuffer.buffer()), scratch1GPR);
- // We use an offset of -sizeof(void*) because we already added 1 to scratch2.
- m_jit.storePtr(baseGPR, MacroAssembler::BaseIndex(scratch1GPR, scratch2GPR, MacroAssembler::ScalePtr, static_cast<int32_t>(-sizeof(void*))));
-
- ok.append(m_jit.jump());
- needToFlush.link(&m_jit);
-
</del><span class="cx"> silentSpillAllRegisters(InvalidGPRReg);
</span><del>- callOperation(operationFlushWriteBarrierBuffer, baseGPR);
</del><ins>+ callOperation(operationWriteBarrierSlowPath, baseGPR);
</ins><span class="cx"> silentFillAllRegisters(InvalidGPRReg);
</span><span class="cx">
</span><span class="cx"> ok.link(&m_jit);
</span></span></pre></div>
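Review bot: With the buffer-append sequence deleted here, the only use of `scratch1GPR` visible in this patch (the `m_jit.move` of the buffer pointer) is gone, yet the earlier hunk keeps `GPRTemporary scratch1(this)` and removes only `scratch2`. Please confirm that the fenced branch outside the shown context still needs `scratch1GPR`; if it does not, drop the temporary so the barrier does not hold an extra register.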
<a id="trunkSourceJavaScriptCoreftlFTLLowerDFGToB3cpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp (210564 => 210565)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp        2017-01-10 23:34:51 UTC (rev 210564)
+++ trunk/Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp        2017-01-10 23:41:55 UTC (rev 210565)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> /*
</span><del>- * Copyright (C) 2013-2016 Apple Inc. All rights reserved.
</del><ins>+ * Copyright (C) 2013-2017 Apple Inc. All rights reserved.
</ins><span class="cx"> *
</span><span class="cx"> * Redistribution and use in source and binary forms, with or without
</span><span class="cx"> * modification, are permitted provided that the following conditions
</span><span class="lines">@@ -12960,8 +12960,13 @@
</span><span class="cx">
</span><span class="cx"> void emitStoreBarrier(LValue base, bool isFenced)
</span><span class="cx"> {
</span><ins>+ LBasicBlock recheckPath = nullptr;
+ if (isFenced)
+ recheckPath = m_out.newBlock();
</ins><span class="cx"> LBasicBlock slowPath = m_out.newBlock();
</span><span class="cx"> LBasicBlock continuation = m_out.newBlock();
</span><ins>+
+ LBasicBlock lastNext = m_out.insertNewBlocksBefore(isFenced ? recheckPath : slowPath);
</ins><span class="cx">
</span><span class="cx"> LValue threshold;
</span><span class="cx"> if (isFenced)
</span><span class="lines">@@ -12971,76 +12976,23 @@
</span><span class="cx">
</span><span class="cx"> m_out.branch(
</span><span class="cx"> m_out.above(loadCellState(base), threshold),
</span><del>- usually(continuation), rarely(slowPath));
-
- LBasicBlock lastNext = m_out.appendTo(slowPath, continuation);
</del><ins>+ usually(continuation), rarely(isFenced ? recheckPath : slowPath));
</ins><span class="cx">
</span><del>- // We emit the store barrier slow path lazily. In a lot of cases, this will never fire. And
- // when it does fire, it makes sense for us to generate this code using our JIT rather than
- // wasting B3's time optimizing it.
- PatchpointValue* patchpoint = lazySlowPath(
- [=] (const Vector<Location>& locations) -> RefPtr<LazySlowPath::Generator> {
- GPRReg baseGPR = locations[1].directGPR();
</del><ins>+ if (isFenced) {
+ m_out.appendTo(recheckPath, slowPath);
+
+ m_out.fence(&m_heaps.root, &m_heaps.JSCell_cellState);
+
+ m_out.branch(
+ m_out.above(loadCellState(base), m_out.constInt32(blackThreshold)),
+ usually(continuation), rarely(slowPath));
+ }
</ins><span class="cx">
</span><del>- return LazySlowPath::createGenerator(
- [=] (CCallHelpers& jit, LazySlowPath::GenerationParams& params) {
- if (isFenced) {
- CCallHelpers::Jump noFence = jit.jumpIfMutatorFenceNotNeeded();
- jit.memoryFence();
- params.doneJumps.append(jit.barrierBranchWithoutFence(baseGPR));
- noFence.link(&jit);
- }
-
- RegisterSet usedRegisters = params.lazySlowPath->usedRegisters();
- ScratchRegisterAllocator scratchRegisterAllocator(usedRegisters);
- scratchRegisterAllocator.lock(baseGPR);
-
- GPRReg scratch1 = scratchRegisterAllocator.allocateScratchGPR();
- GPRReg scratch2 = scratchRegisterAllocator.allocateScratchGPR();
-
- ScratchRegisterAllocator::PreservedState preservedState =
- scratchRegisterAllocator.preserveReusedRegistersByPushing(jit, ScratchRegisterAllocator::ExtraStackSpace::SpaceForCCall);
-
- // We've already saved these, so when we make a slow path call, we don't have
- // to save them again.
- usedRegisters.exclude(RegisterSet(scratch1, scratch2));
-
- WriteBarrierBuffer& writeBarrierBuffer = jit.vm()->heap.writeBarrierBuffer();
- jit.load32(writeBarrierBuffer.currentIndexAddress(), scratch2);
- CCallHelpers::Jump needToFlush = jit.branch32(
- CCallHelpers::AboveOrEqual, scratch2,
- CCallHelpers::TrustedImm32(writeBarrierBuffer.capacity()));
-
- jit.add32(CCallHelpers::TrustedImm32(1), scratch2);
- jit.store32(scratch2, writeBarrierBuffer.currentIndexAddress());
-
- jit.move(CCallHelpers::TrustedImmPtr(writeBarrierBuffer.buffer()), scratch1);
- jit.storePtr(
- baseGPR,
- CCallHelpers::BaseIndex(
- scratch1, scratch2, CCallHelpers::ScalePtr,
- static_cast<int32_t>(-sizeof(void*))));
-
- scratchRegisterAllocator.restoreReusedRegistersByPopping(jit, preservedState);
-
- params.doneJumps.append(jit.jump());
-
- needToFlush.link(&jit);
- callOperation(
- usedRegisters, jit, params.lazySlowPath->callSiteIndex(),
- params.exceptionJumps, operationFlushWriteBarrierBuffer, InvalidGPRReg,
- baseGPR);
- scratchRegisterAllocator.restoreReusedRegistersByPopping(jit, preservedState);
- params.doneJumps.append(jit.jump());
- });
- },
- base);
</del><ins>+ m_out.appendTo(slowPath, continuation);
</ins><span class="cx">
</span><del>- if (isFenced)
- m_heaps.decoratePatchpointRead(&m_heaps.root, patchpoint);
- else
- m_heaps.decoratePatchpointRead(&m_heaps.JSCell_cellState, patchpoint);
- m_heaps.decoratePatchpointWrite(&m_heaps.JSCell_cellState, patchpoint);
</del><ins>+ LValue call = vmCall(Void, m_out.operation(operationWriteBarrierSlowPath), m_callFrame, base);
+ m_heaps.decorateCCallRead(&m_heaps.root, call);
+ m_heaps.decorateCCallWrite(&m_heaps.JSCell_cellState, call);
</ins><span class="cx">
</span><span class="cx"> m_out.jump(continuation);
</span><span class="cx">
</span></span></pre></div>
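Review bot: In the new `recheckPath` block the `m_out.fence` call is emitted unconditionally whenever `isFenced` is set, whereas the deleted lazy slow path skipped the fence through `jit.jumpIfMutatorFenceNotNeeded()`. If dropping that runtime check is intentional, say so in a comment next to the fence; otherwise the check needs an equivalent here. The call is also now decorated as reading `m_heaps.root` in both modes, where the old patchpoint read only `JSCell_cellState` when not fenced, and the removed comment explaining why the slow path was generated lazily has no replacement explaining why a plain `vmCall` is now acceptable.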
<a id="trunkSourceJavaScriptCoreheapCellStateh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/heap/CellState.h (210564 => 210565)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/heap/CellState.h        2017-01-10 23:34:51 UTC (rev 210564)
+++ trunk/Source/JavaScriptCore/heap/CellState.h        2017-01-10 23:41:55 UTC (rev 210565)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> /*
</span><del>- * Copyright (C) 2015-2016 Apple Inc. All rights reserved.
</del><ins>+ * Copyright (C) 2015-2017 Apple Inc. All rights reserved.
</ins><span class="cx"> *
</span><span class="cx"> * Redistribution and use in source and binary forms, with or without
</span><span class="cx"> * modification, are permitted provided that the following conditions
</span><span class="lines">@@ -29,17 +29,20 @@
</span><span class="cx">
</span><span class="cx"> namespace JSC {
</span><span class="cx">
</span><ins>+// The CellState of a cell is a kind of hint about what the state of the cell is.
</ins><span class="cx"> enum class CellState : uint8_t {
</span><span class="cx"> // The object is either currently being scanned, or it has finished being scanned, or this
</span><span class="cx"> // is a full collection and it's actually a white object (you'd know because its mark bit
</span><span class="cx"> // would be clear).
</span><del>- PossiblyOldOrBlack = 0,
</del><ins>+ PossiblyBlack = 0,
</ins><span class="cx">
</span><span class="cx"> // The object is in eden. During GC, this means that the object has not been marked yet.
</span><del>- DefinitelyNewAndWhite = 1,
</del><ins>+ DefinitelyWhite = 1,
</ins><span class="cx">
</span><del>- // The object is grey - i.e. it will be scanned.
- DefinitelyGrey = 2,
</del><ins>+ // This sorta means that the object is grey - i.e. it will be scanned. Or it could be white
+ // during a full collection if its mark bit is clear. That would happen if it had been black,
+ // got barriered, and we did a full collection.
+ PossiblyGrey = 2
</ins><span class="cx"> };
</span><span class="cx">
</span><span class="cx"> static const unsigned blackThreshold = 0; // x <= blackThreshold means x is PossiblyOldOrBlack.
</span></span></pre></div>
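Review bot: The trailing `blackThreshold` comment still says `PossiblyOldOrBlack`, which this hunk renames to `PossiblyBlack`; update it so the threshold documentation matches the enum. The new comment above the enum calls the CellState "a kind of hint" without saying what is authoritative; the `PossiblyGrey` comment implies it is the mark bit, so state that explicitly. `PossiblyGrey = 2` also drops the trailing comma that the other enumerators keep.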
<a id="trunkSourceJavaScriptCoreheapHeapcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/heap/Heap.cpp (210564 => 210565)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/heap/Heap.cpp        2017-01-10 23:34:51 UTC (rev 210564)
+++ trunk/Source/JavaScriptCore/heap/Heap.cpp        2017-01-10 23:41:55 UTC (rev 210565)
</span><span class="lines">@@ -263,7 +263,6 @@
</span><span class="cx"> , m_codeBlocks(std::make_unique<CodeBlockSet>())
</span><span class="cx"> , m_jitStubRoutines(std::make_unique<JITStubRoutineSet>())
</span><span class="cx"> , m_isSafeToCollect(false)
</span><del>- , m_writeBarrierBuffer(256)
</del><span class="cx"> , m_vm(vm)
</span><span class="cx"> // We seed with 10ms so that GCActivityCallback::didAllocate doesn't continuously
</span><span class="cx"> // schedule the timer if we've never done a collection.
</span><span class="lines">@@ -584,7 +583,7 @@
</span><span class="cx">
</span><span class="cx"> for (unsigned iteration = 1; ; ++iteration) {
</span><span class="cx"> if (Options::logGC())
</span><del>- dataLog("i#", iteration, " ", slotVisitor.collectorMarkStack().size(), "+", m_mutatorMarkStack->size() + slotVisitor.mutatorMarkStack().size(), " b=", m_barriersExecuted, " ");
</del><ins>+ dataLog("i#", iteration, " b=", m_barriersExecuted, " ");
</ins><span class="cx">
</span><span class="cx"> if (slotVisitor.didReachTermination()) {
</span><span class="cx"> assertSharedMarkStacksEmpty();
</span><span class="lines">@@ -610,6 +609,9 @@
</span><span class="cx"> m_scheduler->didExecuteConstraints();
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+ if (Options::logGC())
+ dataLog(slotVisitor.collectorMarkStack().size(), "+", m_mutatorMarkStack->size() + slotVisitor.mutatorMarkStack().size(), " ");
+
</ins><span class="cx"> {
</span><span class="cx"> ParallelModeEnabler enabler(slotVisitor);
</span><span class="cx"> slotVisitor.drainInParallel(m_scheduler->timeToResume());
</span><span class="lines">@@ -940,24 +942,58 @@
</span><span class="cx"> m_jitStubRoutines->deleteUnmarkedJettisonedStubRoutines();
</span><span class="cx"> }
</span><span class="cx">
</span><del>-void Heap::addToRememberedSet(const JSCell* cell)
</del><ins>+void Heap::addToRememberedSet(const JSCell* constCell)
</ins><span class="cx"> {
</span><ins>+ JSCell* cell = const_cast<JSCell*>(constCell);
</ins><span class="cx"> ASSERT(cell);
</span><span class="cx"> ASSERT(!Options::useConcurrentJIT() || !isCompilationThread());
</span><span class="cx"> m_barriersExecuted++;
</span><del>- if (!Heap::isMarkedConcurrently(cell)) {
- // During a full collection a store into an unmarked object that had surivived past
- // collections will manifest as a store to an unmarked black object. If the object gets
- // marked at some time after this then it will go down the normal marking path. We can
- // safely ignore these stores.
- return;
- }
</del><ins>+ if (m_mutatorShouldBeFenced) {
+ WTF::loadLoadFence();
+ if (!isMarkedConcurrently(cell)) {
+ // During a full collection a store into an unmarked object that had surivived past
+ // collections will manifest as a store to an unmarked PossiblyBlack object. If the
+ // object gets marked at some time after this then it will go down the normal marking
+ // path. So, we don't have to remember this object. We could return here. But we go
+ // further and attempt to re-white the object.
+
+ RELEASE_ASSERT(m_collectionScope == CollectionScope::Full);
+
+ if (cell->atomicCompareExchangeCellStateStrong(CellState::PossiblyBlack, CellState::DefinitelyWhite) == CellState::PossiblyBlack) {
+ // Now we protect against this race:
+ //
+ // 1) Object starts out black + unmarked.
+ // --> We do isMarkedConcurrently here.
+ // 2) Object is marked and greyed.
+ // 3) Object is scanned and blacked.
+ // --> We do atomicCompareExchangeCellStateStrong here.
+ //
+ // In this case we would have made the object white again, even though it should
+ // be black. This check lets us correct our mistake. This relies on the fact that
+ // isMarkedConcurrently converges monotonically to true.
+ if (isMarkedConcurrently(cell)) {
+ // It's difficult to work out whether the object should be grey or black at
+ // this point. We say black conservatively.
+ cell->setCellState(CellState::PossiblyBlack);
+ }
+
+ // Either way, we can return. Most likely, the object was not marked, and so the
+ // object is now labeled white. This means that future barrier executions will not
+ // fire. In the unlikely event that the object had become marked, we can still
+ // return anyway, since we proved that the object was not marked at the time that
+ // we executed this slow path.
+ }
+
+ return;
+ }
+ } else
+ ASSERT(Heap::isMarkedConcurrently(cell));
</ins><span class="cx"> // It could be that the object was *just* marked. This means that the collector may set the
</span><span class="cx"> // state to DefinitelyGrey and then to PossiblyOldOrBlack at any time. It's OK for us to
</span><span class="cx"> // race with the collector here. If we win then this is accurate because the object _will_
</span><span class="cx"> // get scanned again. If we lose then someone else will barrier the object again. That would
</span><span class="cx"> // be unfortunate but not the end of the world.
</span><del>- cell->setCellState(CellState::DefinitelyGrey);
</del><ins>+ cell->setCellState(CellState::PossiblyGrey);
</ins><span class="cx"> m_mutatorMarkStack->append(cell);
</span><span class="cx"> }
</span><span class="cx">
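Review bot: the unchanged comment directly above the final setCellState call still says the collector may set the state "to DefinitelyGrey and then to PossiblyOldOrBlack", but this hunk now stores CellState::PossiblyGrey there and the rest of the patch replaces PossiblyOldOrBlack with PossiblyBlack. Please update that comment to the new state names so it matches the code it describes. Two smaller points in the added block: "surivived" should be "survived", and the else branch calls Heap::isMarkedConcurrently(cell) while the added code a few lines above calls the unqualified isMarkedConcurrently(cell), so pick one spelling. It would also help if the closing comment named the ordering guarantee that makes "we proved that the object was not marked at the time that we executed this slow path" sufficient, since the only fence visible in this block is WTF::loadLoadFence().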
</span><span class="lines">@@ -1177,7 +1213,6 @@
</span><span class="cx">
</span><span class="cx"> vm()->shadowChicken().update(*vm(), vm()->topCallFrame);
</span><span class="cx">
</span><del>- flushWriteBarrierBuffer();
</del><span class="cx"> m_structureIDTable.flushOldTables();
</span><span class="cx"> m_objectSpace.stopAllocating();
</span><span class="cx">
</span><span class="lines">@@ -1597,11 +1632,6 @@
</span><span class="cx"> observer->willGarbageCollect();
</span><span class="cx"> }
</span><span class="cx">
</span><del>-void Heap::flushWriteBarrierBuffer()
-{
- m_writeBarrierBuffer.flush(*this);
-}
-
</del><span class="cx"> void Heap::prepareForMarking()
</span><span class="cx"> {
</span><span class="cx"> m_objectSpace.prepareForMarking();
</span><span class="lines">@@ -1882,12 +1912,6 @@
</span><span class="cx"> m_objectSpace.forEachDeadCell(iterationScope, Zombify());
</span><span class="cx"> }
</span><span class="cx">
</span><del>-void Heap::flushWriteBarrierBuffer(JSCell* cell)
-{
- m_writeBarrierBuffer.flush(*this);
- m_writeBarrierBuffer.add(cell);
-}
-
</del><span class="cx"> bool Heap::shouldDoFullCollection(std::optional<CollectionScope> scope) const
</span><span class="cx"> {
</span><span class="cx"> if (!Options::useGenerationalGC())
</span><span class="lines">@@ -1965,7 +1989,7 @@
</span><span class="cx"> // In this case, the barrierThreshold is the tautological threshold, so from could still be
</span><span class="cx"> // not black. But we can't know for sure until we fire off a fence.
</span><span class="cx"> WTF::storeLoadFence();
</span><del>- if (from->cellState() != CellState::PossiblyOldOrBlack)
</del><ins>+ if (from->cellState() != CellState::PossiblyBlack)
</ins><span class="cx"> return;
</span><span class="cx"> }
</span><span class="cx">
</span><span class="lines">@@ -2213,7 +2237,7 @@
</span><span class="cx"> [&] (CodeBlock* codeBlock) {
</span><span class="cx"> // Visit the CodeBlock as a constraint only if it's black.
</span><span class="cx"> if (Heap::isMarked(codeBlock)
</span><del>- && codeBlock->cellState() == CellState::PossiblyOldOrBlack)
</del><ins>+ && codeBlock->cellState() == CellState::PossiblyBlack)
</ins><span class="cx"> slotVisitor.visitAsConstraint(codeBlock);
</span><span class="cx"> });
</span><span class="cx"> },
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreheapHeaph"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/heap/Heap.h (210564 => 210565)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/heap/Heap.h        2017-01-10 23:34:51 UTC (rev 210564)
+++ trunk/Source/JavaScriptCore/heap/Heap.h        2017-01-10 23:41:55 UTC (rev 210565)
</span><span class="lines">@@ -43,7 +43,6 @@
</span><span class="cx"> #include "VisitRaceKey.h"
</span><span class="cx"> #include "WeakHandleOwner.h"
</span><span class="cx"> #include "WeakReferenceHarvester.h"
</span><del>-#include "WriteBarrierBuffer.h"
</del><span class="cx"> #include "WriteBarrierSupport.h"
</span><span class="cx"> #include <wtf/AutomaticThread.h>
</span><span class="cx"> #include <wtf/Deque.h>
</span><span class="lines">@@ -125,9 +124,6 @@
</span><span class="cx"> // Take this if you know that from->cellState() < barrierThreshold.
</span><span class="cx"> JS_EXPORT_PRIVATE void writeBarrierSlowPath(const JSCell* from);
</span><span class="cx">
</span><del>- WriteBarrierBuffer& writeBarrierBuffer() { return m_writeBarrierBuffer; }
- void flushWriteBarrierBuffer(JSCell*);
-
</del><span class="cx"> void writeBarrierOpaqueRoot(void*);
</span><span class="cx">
</span><span class="cx"> Heap(VM*, HeapType);
</span><span class="lines">@@ -445,7 +441,6 @@
</span><span class="cx">
</span><span class="cx"> void suspendCompilerThreads();
</span><span class="cx"> void willStartCollection(std::optional<CollectionScope>);
</span><del>- void flushWriteBarrierBuffer();
</del><span class="cx"> void prepareForMarking();
</span><span class="cx">
</span><span class="cx"> void markToFixpoint(double gcStartTime);
</span><span class="lines">@@ -564,7 +559,6 @@
</span><span class="cx">
</span><span class="cx"> bool m_isSafeToCollect;
</span><span class="cx">
</span><del>- WriteBarrierBuffer m_writeBarrierBuffer;
</del><span class="cx"> bool m_mutatorShouldBeFenced { Options::forceFencedBarrier() };
</span><span class="cx"> unsigned m_barrierThreshold { Options::forceFencedBarrier() ? tautologicalThreshold : blackThreshold };
</span><span class="cx"> Vector<bool*> m_mutatorShouldBeFencedCaches;
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreheapSlotVisitorcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/heap/SlotVisitor.cpp (210564 => 210565)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/heap/SlotVisitor.cpp        2017-01-10 23:34:51 UTC (rev 210564)
+++ trunk/Source/JavaScriptCore/heap/SlotVisitor.cpp        2017-01-10 23:41:55 UTC (rev 210565)
</span><span class="lines">@@ -204,7 +204,7 @@
</span><span class="cx"> JSCell* jsCell = static_cast<JSCell*>(heapCell);
</span><span class="cx"> validateCell(jsCell);
</span><span class="cx">
</span><del>- jsCell->setCellState(CellState::DefinitelyGrey);
</del><ins>+ jsCell->setCellState(CellState::PossiblyGrey);
</ins><span class="cx">
</span><span class="cx"> appendToMarkStack(jsCell);
</span><span class="cx"> return;
</span><span class="lines">@@ -266,7 +266,7 @@
</span><span class="cx"> // Indicate that the object is grey and that:
</span><span class="cx"> // In case of concurrent GC: it's the first time it is grey in this GC cycle.
</span><span class="cx"> // In case of eden collection: it's a new object that became grey rather than an old remembered object.
</span><del>- cell->setCellState(CellState::DefinitelyGrey);
</del><ins>+ cell->setCellState(CellState::PossiblyGrey);
</ins><span class="cx">
</span><span class="cx"> appendToMarkStack(container, cell);
</span><span class="cx"> }
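Review bot: the comment above this setCellState call says the grey state records that the cell is grey for the first time in this GC cycle (or, for eden collections, that it is a new object rather than an old remembered one), but the write barrier slow path in Heap.cpp stores the same CellState::PossiblyGrey when it re-greys a cell, so the state alone cannot carry that distinction. With the rename from DefinitelyGrey to PossiblyGrey the comment now claims more than the name does. Suggest rewording it to say only that the cell is being greyed and pushed on the mark stack, or stating what else establishes the first-time property.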
</span><span class="lines">@@ -284,7 +284,7 @@
</span><span class="cx"> {
</span><span class="cx"> ASSERT(Heap::isMarkedConcurrently(cell));
</span><span class="cx"> ASSERT(!cell->isZapped());
</span><del>- ASSERT(cell->cellState() == CellState::DefinitelyGrey);
</del><ins>+ ASSERT(cell->cellState() == CellState::PossiblyGrey);
</ins><span class="cx">
</span><span class="cx"> container.noteMarked();
</span><span class="cx">
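Review bot: ASSERT(cell->cellState() == CellState::PossiblyGrey) assumes no other thread writes the cell state between greying and this check, yet the barrier slow path added in Heap.cpp does a plain cell->setCellState(CellState::PossiblyBlack) when it finds the cell marked after its compare-exchange succeeded. If the collector marks and greys the cell between that compare-exchange and that store, can the cell arrive here as PossiblyBlack and trip this assert in debug builds? If that interleaving is possible, relax the assert; if it is not, add a comment here saying what rules it out.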
</span><span class="lines">@@ -371,7 +371,7 @@
</span><span class="cx"> // not clear to me that it would be correct or profitable to bail here if the object is already
</span><span class="cx"> // black.
</span><span class="cx">
</span><del>- cell->setCellState(CellState::PossiblyOldOrBlack);
</del><ins>+ cell->setCellState(CellState::PossiblyBlack);
</ins><span class="cx">
</span><span class="cx"> WTF::storeLoadFence();
</span><span class="cx">
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreheapWriteBarrierBuffercpp"></a>
<div class="delfile"><h4>Deleted: trunk/Source/JavaScriptCore/heap/WriteBarrierBuffer.cpp (210564 => 210565)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/heap/WriteBarrierBuffer.cpp        2017-01-10 23:34:51 UTC (rev 210564)
+++ trunk/Source/JavaScriptCore/heap/WriteBarrierBuffer.cpp        2017-01-10 23:41:55 UTC (rev 210565)
</span><span class="lines">@@ -1,69 +0,0 @@
</span><del>-/*
- * Copyright (C) 2013 Apple Inc. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
- * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
- * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
- * THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#include "config.h"
-#include "WriteBarrierBuffer.h"
-
-#include "GCAssertions.h"
-#include "Heap.h"
-#include "JSCell.h"
-#include "JSCInlines.h"
-#include "Structure.h"
-
-namespace JSC {
-
-WriteBarrierBuffer::WriteBarrierBuffer(unsigned capacity)
- : m_currentIndex(0)
- , m_capacity(capacity)
- , m_buffer(static_cast<JSCell**>(fastMalloc(sizeof(JSCell*) * capacity)))
-{
-}
-
-WriteBarrierBuffer::~WriteBarrierBuffer()
-{
- fastFree(m_buffer);
-}
-
-void WriteBarrierBuffer::flush(Heap& heap)
-{
- ASSERT(m_currentIndex <= m_capacity);
- for (size_t i = 0; i < m_currentIndex; ++i)
- heap.writeBarrier(m_buffer[i]);
- m_currentIndex = 0;
-}
-
-void WriteBarrierBuffer::reset()
-{
- m_currentIndex = 0;
-}
-
-void WriteBarrierBuffer::add(JSCell* cell)
-{
- ASSERT_GC_OBJECT_LOOKS_VALID(cell);
- ASSERT(m_currentIndex < m_capacity);
- m_buffer[m_currentIndex++] = cell;
-}
-
-} // namespace JSC
</del></span></pre></div>
<a id="trunkSourceJavaScriptCoreheapWriteBarrierBufferh"></a>
<div class="delfile"><h4>Deleted: trunk/Source/JavaScriptCore/heap/WriteBarrierBuffer.h (210564 => 210565)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/heap/WriteBarrierBuffer.h        2017-01-10 23:34:51 UTC (rev 210564)
+++ trunk/Source/JavaScriptCore/heap/WriteBarrierBuffer.h        2017-01-10 23:41:55 UTC (rev 210565)
</span><span class="lines">@@ -1,65 +0,0 @@
</span><del>-/*
- * Copyright (C) 2013, 2015 Apple Inc. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
- * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
- * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
- * THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-#pragma once
-
-#include <wtf/FastMalloc.h>
-
-namespace JSC {
-
-class Heap;
-class JSCell;
-
-class WriteBarrierBuffer {
-public:
- WriteBarrierBuffer(unsigned capacity);
- ~WriteBarrierBuffer();
-
- void add(JSCell*);
- void flush(Heap&);
- void reset();
-
- unsigned* currentIndexAddress()
- {
- return &m_currentIndex;
- }
-
- unsigned capacity() const
- {
- return m_capacity;
- }
-
- JSCell** buffer()
- {
- return m_buffer;
- }
-
-private:
- unsigned m_currentIndex;
- const unsigned m_capacity;
- JSCell** const m_buffer;
-};
-
-} // namespace JSC
</del></span></pre></div>
<a id="trunkSourceJavaScriptCorejitJITOperationscpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/jit/JITOperations.cpp (210564 => 210565)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/jit/JITOperations.cpp        2017-01-10 23:34:51 UTC (rev 210564)
+++ trunk/Source/JavaScriptCore/jit/JITOperations.cpp        2017-01-10 23:41:55 UTC (rev 210565)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> /*
</span><del>- * Copyright (C) 2013-2016 Apple Inc. All rights reserved.
</del><ins>+ * Copyright (C) 2013-2017 Apple Inc. All rights reserved.
</ins><span class="cx"> *
</span><span class="cx"> * Redistribution and use in source and binary forms, with or without
</span><span class="cx"> * modification, are permitted provided that the following conditions
</span><span class="lines">@@ -2188,13 +2188,6 @@
</span><span class="cx"> return reinterpret_cast<char*>(result);
</span><span class="cx"> }
</span><span class="cx">
</span><del>-void JIT_OPERATION operationFlushWriteBarrierBuffer(ExecState* exec, JSCell* cell)
-{
- VM* vm = &exec->vm();
- NativeCallFrameTracer tracer(vm, exec);
- vm->heap.flushWriteBarrierBuffer(cell);
-}
-
</del><span class="cx"> void JIT_OPERATION operationOSRWriteBarrier(ExecState* exec, JSCell* cell)
</span><span class="cx"> {
</span><span class="cx"> VM* vm = &exec->vm();
</span></span></pre></div>
<a id="trunkSourceJavaScriptCorejitJITOperationsh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/jit/JITOperations.h (210564 => 210565)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/jit/JITOperations.h        2017-01-10 23:34:51 UTC (rev 210564)
+++ trunk/Source/JavaScriptCore/jit/JITOperations.h        2017-01-10 23:41:55 UTC (rev 210565)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> /*
</span><del>- * Copyright (C) 2013-2016 Apple Inc. All rights reserved.
</del><ins>+ * Copyright (C) 2013-2017 Apple Inc. All rights reserved.
</ins><span class="cx"> *
</span><span class="cx"> * Redistribution and use in source and binary forms, with or without
</span><span class="cx"> * modification, are permitted provided that the following conditions
</span><span class="lines">@@ -426,7 +426,6 @@
</span><span class="cx"> char* JIT_OPERATION operationReallocateButterflyToHavePropertyStorageWithInitialCapacity(ExecState*, JSObject*) WTF_INTERNAL;
</span><span class="cx"> char* JIT_OPERATION operationReallocateButterflyToGrowPropertyStorage(ExecState*, JSObject*, size_t newSize) WTF_INTERNAL;
</span><span class="cx">
</span><del>-void JIT_OPERATION operationFlushWriteBarrierBuffer(ExecState*, JSCell*);
</del><span class="cx"> void JIT_OPERATION operationWriteBarrierSlowPath(ExecState*, JSCell*);
</span><span class="cx"> void JIT_OPERATION operationOSRWriteBarrier(ExecState*, JSCell*);
</span><span class="cx">
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeJSCellInlinesh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/JSCellInlines.h (210564 => 210565)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/JSCellInlines.h        2017-01-10 23:34:51 UTC (rev 210564)
+++ trunk/Source/JavaScriptCore/runtime/JSCellInlines.h        2017-01-10 23:41:55 UTC (rev 210565)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> /*
</span><del>- * Copyright (C) 2012-2016 Apple Inc. All rights reserved.
</del><ins>+ * Copyright (C) 2012-2017 Apple Inc. All rights reserved.
</ins><span class="cx"> *
</span><span class="cx"> * Redistribution and use in source and binary forms, with or without
</span><span class="cx"> * modification, are permitted provided that the following conditions
</span><span class="lines">@@ -41,7 +41,7 @@
</span><span class="cx"> namespace JSC {
</span><span class="cx">
</span><span class="cx"> inline JSCell::JSCell(CreatingEarlyCellTag)
</span><del>- : m_cellState(CellState::DefinitelyNewAndWhite)
</del><ins>+ : m_cellState(CellState::DefinitelyWhite)
</ins><span class="cx"> {
</span><span class="cx"> ASSERT(!isCompilationThread());
</span><span class="cx"> }
</span><span class="lines">@@ -51,7 +51,7 @@
</span><span class="cx"> , m_indexingTypeAndMisc(structure->indexingTypeIncludingHistory())
</span><span class="cx"> , m_type(structure->typeInfo().type())
</span><span class="cx"> , m_flags(structure->typeInfo().inlineTypeFlags())
</span><del>- , m_cellState(CellState::DefinitelyNewAndWhite)
</del><ins>+ , m_cellState(CellState::DefinitelyWhite)
</ins><span class="cx"> {
</span><span class="cx"> ASSERT(!isCompilationThread());
</span><span class="cx"> }
</span></span></pre></div>
<a id="trunkSourceJavaScriptCoreruntimeStructureIDBlobh"></a>
<div class="modfile"><h4>Modified: trunk/Source/JavaScriptCore/runtime/StructureIDBlob.h (210564 => 210565)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/JavaScriptCore/runtime/StructureIDBlob.h        2017-01-10 23:34:51 UTC (rev 210564)
+++ trunk/Source/JavaScriptCore/runtime/StructureIDBlob.h        2017-01-10 23:41:55 UTC (rev 210565)
</span><span class="lines">@@ -1,5 +1,5 @@
</span><span class="cx"> /*
</span><del>- * Copyright (C) 2014-2016 Apple Inc. All rights reserved.
</del><ins>+ * Copyright (C) 2014-2017 Apple Inc. All rights reserved.
</ins><span class="cx"> *
</span><span class="cx"> * Redistribution and use in source and binary forms, with or without
</span><span class="cx"> * modification, are permitted provided that the following conditions
</span><span class="lines">@@ -46,7 +46,7 @@
</span><span class="cx"> u.fields.indexingTypeIncludingHistory = indexingTypeIncludingHistory;
</span><span class="cx"> u.fields.type = typeInfo.type();
</span><span class="cx"> u.fields.inlineTypeFlags = typeInfo.inlineTypeFlags();
</span><del>- u.fields.defaultCellState = CellState::DefinitelyNewAndWhite;
</del><ins>+ u.fields.defaultCellState = CellState::DefinitelyWhite;
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> void operator=(const StructureIDBlob& other) { u.doubleWord = other.u.doubleWord; }
</span></span></pre>
</div>
</div>
</body>
</html>