[Webkit-unassigned] [Bug 72467] New: Code block jettisoning should be part of the GC's transitive closure

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue Nov 15 23:25:30 PST 2011


https://bugs.webkit.org/show_bug.cgi?id=72467

           Summary: Code block jettisoning should be part of the GC's
                    transitive closure
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: JavaScriptCore
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: fpizlo at apple.com


Currently if the recompilation system determines that a code block should be ditched, we "jettison" it from its owner executable and transfer its ownership to the GC.  The GC then deletes it if on the next GC cycle it proves that no call frame is using that code block.  This ensures sound execution even if the code block was running at the time that the recompilation system determined that it should be ditched.

But this mechanism does not allow for the collector to decide, on its own, that a code block should be jettisoned.  For example, the collector may find that references that the code block needs in order to survive are no longer live (such as inlined references to structures and callees).  In that case, the collector should delete the code block if it is not referenced from call frames; otherwise it should let it live and ensure that all of those references are marked to ensure sound execution.  But by the time that the collector could have made such a decision (i.e. during the transitive closure, or "drain", portion of Heap::markRoots()), the JettisonedCodeBlocks class no longer remembers which code blocks are live on call frames and which are dead.

This mechanism also provides no way for a code block to decide, when it is asked to mark its references, if it is being asked to do so because it is live on call frames, or because it is reachable from live executables, or both.  What we would like is for it to be able to mark its inlined references strongly if it is live on call frames or ephemeronically otherwise, and if it finds any of them to be dead, then it should jettison itself.  The information necessary to make these decisions should be made available to CodeBlocks at time of garbage collection.

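The marking scheme the report asks for, modelled as a small C++ toy so the two cases (code block live on a call frame versus only reachable from its executable) can be run side by side. This is an added illustration, not JavaScriptCore code: the `Heap`, `CodeBlock`, `Executable` and `Structure` types, the `liveOnCallFrames` set that survives into the drain, and the deferred "ephemeron" pass after the drain are all hypothetical simplifications of what `Heap::markRoots()` would need; the scenario data is constructed.

```cpp
// Toy model of the proposal: a CodeBlock learns at mark time whether it is live
// on a call frame. If so it marks its inlined references strongly; otherwise it
// only survives if those references are kept alive by something else, and it
// jettisons itself if any of them is dead. Hypothetical types, not JSC's.
#include <cassert>
#include <cstdio>
#include <set>
#include <vector>

struct HeapCell { bool marked = false; virtual ~HeapCell() = default; };

// Stands in for a Structure or callee that compiled code baked in.
struct Structure : HeapCell {};

struct CodeBlock : HeapCell {
    std::vector<HeapCell*> inlinedRefs;   // structures / callees inlined by the JIT
    bool jettisoned = false;
};

struct Executable : HeapCell {
    CodeBlock* codeBlock = nullptr;       // owner -> its current code block
};

struct Heap {
    std::vector<HeapCell*> roots;         // executables, globals, ...
    std::set<CodeBlock*> liveOnCallFrames; // captured when the stack is scanned, kept through drain
    std::vector<HeapCell*> worklist;
    std::vector<CodeBlock*> ephemeronCodeBlocks; // decided only after the drain finishes
};

static void markStrongly(Heap& heap, HeapCell* cell) {
    if (!cell || cell->marked) return;
    cell->marked = true;
    heap.worklist.push_back(cell);
}

// The collector tells the code block why it is being visited.
static void visitCodeBlock(Heap& heap, CodeBlock* cb) {
    if (heap.liveOnCallFrames.count(cb)) {
        // A frame may return into this code, so everything it inlined must stay alive.
        for (HeapCell* ref : cb->inlinedRefs) markStrongly(heap, ref);
    } else {
        // Reachable only from its executable: do not keep the refs alive, decide later.
        heap.ephemeronCodeBlocks.push_back(cb);
    }
}

static void drain(Heap& heap) {
    while (!heap.worklist.empty()) {
        HeapCell* cell = heap.worklist.back();
        heap.worklist.pop_back();
        if (auto* exec = dynamic_cast<Executable*>(cell))
            markStrongly(heap, exec->codeBlock);
        else if (auto* cb = dynamic_cast<CodeBlock*>(cell))
            visitCodeBlock(heap, cb);
        // Structure is a leaf: nothing to visit.
    }
}

// One collection cycle; returns how many code blocks jettisoned themselves.
static int collect(Heap& heap, const std::vector<Executable*>& owners) {
    for (HeapCell* root : heap.roots) markStrongly(heap, root);
    for (CodeBlock* cb : heap.liveOnCallFrames) markStrongly(heap, cb);
    drain(heap);
    int jettisoned = 0;
    for (CodeBlock* cb : heap.ephemeronCodeBlocks) {
        bool allAlive = true;
        for (HeapCell* ref : cb->inlinedRefs) if (!ref->marked) { allAlive = false; break; }
        if (allAlive) continue;                 // its inlined refs survived on their own
        cb->jettisoned = true;
        cb->marked = false;                     // not on any frame, so it can die this cycle
        for (Executable* e : owners) if (e->codeBlock == cb) e->codeBlock = nullptr;
        ++jettisoned;
    }
    return jettisoned;
}

struct ScenarioResult {
    int jettisoned;
    bool s1Marked, s2Marked, s3Marked;
    bool cb1Jettisoned, cb2Jettisoned, cb3Jettisoned;
    bool e2Detached;
};

// Constructed scenario:
//   E1 -> CB1 inlines S1; CB1 is running on a call frame; S1 reachable only via CB1.
//   E2 -> CB2 inlines S2 (also a global root) and S3 (dead); CB2 is not on a frame.
//   E3 -> CB3 inlines S2 only; not on a frame.
static ScenarioResult exampleScenario() {
    Structure s1, s2, s3;
    CodeBlock cb1, cb2, cb3;
    Executable e1, e2, e3;
    cb1.inlinedRefs = {&s1};      e1.codeBlock = &cb1;
    cb2.inlinedRefs = {&s2, &s3}; e2.codeBlock = &cb2;
    cb3.inlinedRefs = {&s2};      e3.codeBlock = &cb3;
    Heap heap;
    heap.roots = {&e1, &e2, &e3, &s2};
    heap.liveOnCallFrames = {&cb1};
    int n = collect(heap, {&e1, &e2, &e3});
    return {n, s1.marked, s2.marked, s3.marked,
            cb1.jettisoned, cb2.jettisoned, cb3.jettisoned, e2.codeBlock == nullptr};
}

int main() {
    ScenarioResult r = exampleScenario();
    std::printf("jettisoned=%d S1=%d S2=%d S3=%d CB1=%d CB2=%d CB3=%d E2 detached=%d\n",
                r.jettisoned, r.s1Marked, r.s2Marked, r.s3Marked,
                r.cb1Jettisoned, r.cb2Jettisoned, r.cb3Jettisoned, r.e2Detached);
    return 0;
}
```

The point of deferring the ephemeron decision until after the drain is that a strong mark from a frame-live code block (or from any other root) may arrive late; checking `inlinedRefs` only once the worklist is empty means a code block never jettisons itself over a reference that a later visit would have kept alive.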