[Webkit-unassigned] [Bug 90731] New: It should be possible to jettison JIT stub routines even if they are currently running
bugzilla-daemon at webkit.org
Sat Jul 7 14:34:49 PDT 2012
https://bugs.webkit.org/show_bug.cgi?id=90731
Summary: It should be possible to jettison JIT stub routines
even if they are currently running
Product: WebKit
Version: 528+ (Nightly build)
Platform: All
OS/Version: All
Status: NEW
Severity: Normal
Priority: P2
Component: JavaScriptCore
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: fpizlo at apple.com
Currently it's not possible to delete JIT stub routines except during garbage collection. Even then, this barely works because the JIT stub routine that we want to kill may be currently on the stack. Right now we make it work by ensuring that (a) only the GC can decide to kill stub routines and (b) it will only kill them if the pointers they rely on are dead. But it's not clear that this is quite correct, since we may choose to kill a list of stubs if any stub in the list has stale pointers. So if a stub is currently running, and its pointers are live because of some other black magic we pulled, then it may still get killed by GC because it belongs to a list of stubs where some other stub is proved dead.
This needs to all be rationalized:
1) We don't want to be killing stubs prematurely. That's probably bad.
2) We want to be able to kill stubs even if they are running. The best way to do this is to jettison-to-GC like we do for reoptimization: we can mark the stub routine as having liveness that is predicated on it being on the stack *right now*. As soon as the GC proves that it is not on the stack, it can kill it.
Work in progress patch forthcoming.
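
A minimal model of the jettison-to-GC scheme in point 2, as an added example that is not part of the original report and is not JavaScriptCore code: jettisoning only marks a stub, and a later GC sweep frees it once no word from a conservative stack scan points into its code range. The names `StubRoutine`, `StubRoutineSet`, `jettison` and `sweep`, and all addresses, are hypothetical and constructed for illustration.

```cpp
#include <algorithm>
#include <cstddef>
#include <cstdint>
#include <memory>
#include <vector>

// Hypothetical model; not the JavaScriptCore API.
struct StubRoutine {
    uintptr_t start;   // first byte of the stub's machine code
    uintptr_t end;     // one past the last byte
    bool jettisoned;   // owner dropped it; only the stack can keep it alive
    StubRoutine(uintptr_t s, uintptr_t e) : start(s), end(e), jettisoned(false) {}
    bool contains(uintptr_t pc) const { return pc >= start && pc < end; }
};

class StubRoutineSet {
public:
    StubRoutine* add(uintptr_t start, size_t size) {
        stubs_.push_back(std::unique_ptr<StubRoutine>(new StubRoutine(start, start + size)));
        return stubs_.back().get();
    }
    // Safe while the stub is executing: nothing is freed here, so a frame
    // that later returns into the stub still finds valid code.
    void jettison(StubRoutine* stub) { stub->jettisoned = true; }

    // GC step. stackWords are the words found by a conservative stack scan.
    // Frees each jettisoned stub that no stack word points into; stubs that
    // were never jettisoned are left alone (no premature kill). Returns the
    // number of stubs freed.
    size_t sweep(const std::vector<uintptr_t>& stackWords) {
        size_t before = stubs_.size();
        stubs_.erase(std::remove_if(stubs_.begin(), stubs_.end(),
            [&](const std::unique_ptr<StubRoutine>& s) {
                if (!s->jettisoned) return false;
                return std::none_of(stackWords.begin(), stackWords.end(),
                    [&](uintptr_t w) { return s->contains(w); });
            }), stubs_.end());
        return before - stubs_.size();
    }
    size_t liveCount() const { return stubs_.size(); }
private:
    std::vector<std::unique_ptr<StubRoutine>> stubs_;
};

int main() {
    StubRoutineSet set;
    StubRoutine* a = set.add(0x1000, 0x40);            // constructed code range
    set.jettison(a);
    std::vector<uintptr_t> running = {0x7ffd0010, 0x1010}; // return address inside a
    std::vector<uintptr_t> returned = {0x7ffd0010};        // a is no longer on the stack
    return (set.sweep(running) == 0 && set.sweep(returned) == 1) ? 0 : 1;
}
```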