WebKit Bugzilla
Attachment 360711 Details for Bug 194084: [JSC] Do not use InferredValue in non-JIT configuration
[patch] Patch: bug-194084-20190131021447.patch (text/plain), 14.96 KB, created by Yusuke Suzuki on 2019-01-31 02:14:48 PST
>Subversion Revision: 240773 >diff --git a/Source/JavaScriptCore/ChangeLog b/Source/JavaScriptCore/ChangeLog >index 0d1390284bf7671883acd45a6c3955f24c18235f..1ab23e93d73dadbcb5ec2e3fdf2b1f72099f943a 100644 >--- a/Source/JavaScriptCore/ChangeLog >+++ b/Source/JavaScriptCore/ChangeLog 
>@@ -1,3 +1,41 @@ >+2019-01-31 Yusuke Suzuki <ysuzuki@apple.com> >+ >+ [JSC] Do not use InferredValue in non-JIT configuration >+ https://bugs.webkit.org/show_bug.cgi?id=194084 >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ InferredValue is not meaningful if our VM is non-JIT configuration. We should not allocate it in non-JIT configuration. >+ FunctionExecutable's singletonFunction is also used in non-JIT configuration to determine whether the given FunctionExecutable >+ is preferable target for poly proto. But in this case, we do not need to have full InferredValue. Just holding WatchpointState >+ is enough because nobody watches it if the configuration is non-JIT. >+ >+ * bytecode/ObjectAllocationProfileInlines.h: >+ (JSC::ObjectAllocationProfile::initializeProfile): >+ * runtime/FunctionExecutable.cpp: >+ (JSC::FunctionExecutable::FunctionExecutable): >+ (JSC::FunctionExecutable::finishCreation): >+ (JSC::FunctionExecutable::visitChildren): >+ * runtime/FunctionExecutable.h: >+ * runtime/InferredValue.cpp: >+ (JSC::InferredValue::create): >+ * runtime/JSAsyncFunction.cpp: >+ (JSC::JSAsyncFunction::create): >+ * runtime/JSAsyncGeneratorFunction.cpp: >+ (JSC::JSAsyncGeneratorFunction::create): >+ * runtime/JSFunction.cpp: >+ (JSC::JSFunction::create): >+ * runtime/JSFunctionInlines.h: >+ (JSC::JSFunction::createWithInvalidatedReallocationWatchpoint): >+ * runtime/JSGeneratorFunction.cpp: >+ (JSC::JSGeneratorFunction::create): >+ * runtime/JSSymbolTableObject.h: >+ (JSC::JSSymbolTableObject::setSymbolTable): >+ * runtime/SymbolTable.cpp: >+ (JSC::SymbolTable::finishCreation): >+ * runtime/VM.cpp: >+ (JSC::VM::VM): >+ > 2019-01-30 Yusuke Suzuki <ysuzuki@apple.com> > > [JSC] Symbol should be in destructibleCellSpace >diff --git a/Source/JavaScriptCore/bytecode/ObjectAllocationProfileInlines.h b/Source/JavaScriptCore/bytecode/ObjectAllocationProfileInlines.h >index 7021947cf7862ca9dbe23cdcbb4d7909322eb3e4..4999121b1660643c8597e320a0a625ddc2c5d682 100644 
>--- a/Source/JavaScriptCore/bytecode/ObjectAllocationProfileInlines.h >+++ b/Source/JavaScriptCore/bytecode/ObjectAllocationProfileInlines.h >@@ -65,7 +65,7 @@ ALWAYS_INLINE void ObjectAllocationProfile::initializeProfile(VM& vm, JSGlobalOb > if (Options::forcePolyProto()) > isPolyProto = true; > else >- isPolyProto = executable->ensurePolyProtoWatchpoint().hasBeenInvalidated() && executable->singletonFunction()->hasBeenInvalidated(); >+ isPolyProto = executable->ensurePolyProtoWatchpoint().hasBeenInvalidated() && executable->singletonFunctionHasBeenInvalidated(); > } > > unsigned inlineCapacity = 0; >diff --git a/Source/JavaScriptCore/runtime/FunctionExecutable.cpp b/Source/JavaScriptCore/runtime/FunctionExecutable.cpp >index 79780db9fefa253694d986783b84d408cae795bb..7f14bf102c9d7f548e12228f72b6179146d2c2eb 100644 >--- a/Source/JavaScriptCore/runtime/FunctionExecutable.cpp >+++ b/Source/JavaScriptCore/runtime/FunctionExecutable.cpp >@@ -53,12 +53,17 @@ FunctionExecutable::FunctionExecutable(VM& vm, const SourceCode& source, Unlinke > m_parametersStartOffset = unlinkedExecutable->parametersStartOffset(); > m_typeProfilingStartOffset = unlinkedExecutable->typeProfilingStartOffset(); > m_typeProfilingEndOffset = unlinkedExecutable->typeProfilingEndOffset(); >+ if (VM::canUseJIT()) >+ new (&m_singletonFunction) WriteBarrier<InferredValue>(); > } > > void FunctionExecutable::finishCreation(VM& vm) > { > Base::finishCreation(vm); >- m_singletonFunction.set(vm, this, InferredValue::create(vm)); >+ if (VM::canUseJIT()) >+ m_singletonFunction.set(vm, this, InferredValue::create(vm)); >+ else >+ m_singletonFunctionState = ClearWatchpoint; > } > > void FunctionExecutable::destroy(JSCell* cell) 
>@@ -88,7 +93,8 @@ void FunctionExecutable::visitChildren(JSCell* cell, SlotVisitor& visitor) > visitor.append(thisObject->m_codeBlockForCall); > visitor.append(thisObject->m_codeBlockForConstruct); > visitor.append(thisObject->m_unlinkedExecutable); >- visitor.append(thisObject->m_singletonFunction); >+ if (VM::canUseJIT()) >+ visitor.append(thisObject->m_singletonFunction); > visitor.append(thisObject->m_cachedPolyProtoStructure); > } > >diff --git a/Source/JavaScriptCore/runtime/FunctionExecutable.h b/Source/JavaScriptCore/runtime/FunctionExecutable.h >index 1baaa8572162d81d8c7ad2efc4e926de0ea59727..68bd9a8ccf83ccedac0eda9f18b1bc3d0bbc3270 100644 >--- a/Source/JavaScriptCore/runtime/FunctionExecutable.h >+++ b/Source/JavaScriptCore/runtime/FunctionExecutable.h >@@ -183,7 +183,38 @@ class FunctionExecutable final : public ScriptExecutable { > > DECLARE_INFO; > >- InferredValue* singletonFunction() { return m_singletonFunction.get(); } >+ InferredValue* singletonFunction() >+ { >+ if (VM::canUseJIT()) >+ return m_singletonFunction.get(); >+ return nullptr; >+ } >+ >+ void notifyWrite(VM& vm, JSValue value, const char* reason) >+ { >+ if (VM::canUseJIT()) { >+ singletonFunction()->notifyWrite(vm, value, reason); >+ return; >+ } >+ switch (m_singletonFunctionState) { >+ case ClearWatchpoint: >+ m_singletonFunctionState = IsWatched; >+ return; >+ case IsWatched: >+ m_singletonFunctionState = IsInvalidated; >+ return; >+ case IsInvalidated: >+ return; >+ } >+ } >+ >+ bool singletonFunctionHasBeenInvalidated() >+ { >+ if (VM::canUseJIT()) >+ return singletonFunction()->hasBeenInvalidated(); >+ return m_singletonFunctionState == IsInvalidated; >+ } >+ > // Cached poly proto structure for the result of constructing this executable. > Structure* cachedPolyProtoStructure() { return m_cachedPolyProtoStructure.get(); } > void setCachedPolyProtoStructure(VM& vm, Structure* structure) { m_cachedPolyProtoStructure.set(vm, this, structure); } 
>@@ -212,7 +243,10 @@ class FunctionExecutable final : public ScriptExecutable { > WriteBarrier<ExecutableToCodeBlockEdge> m_codeBlockForCall; > WriteBarrier<ExecutableToCodeBlockEdge> m_codeBlockForConstruct; > RefPtr<TypeSet> m_returnStatementTypeSet; >- WriteBarrier<InferredValue> m_singletonFunction; >+ union { >+ WriteBarrier<InferredValue> m_singletonFunction; >+ WatchpointState m_singletonFunctionState; >+ }; > WriteBarrier<Structure> m_cachedPolyProtoStructure; > Box<InlineWatchpointSet> m_polyProtoWatchpoint; > }; >diff --git a/Source/JavaScriptCore/runtime/InferredValue.cpp b/Source/JavaScriptCore/runtime/InferredValue.cpp >index 69de0fb04303f47000256520a8885a19098477de..989479edfd68b524041590fc723d8853040d4aec 100644 >--- a/Source/JavaScriptCore/runtime/InferredValue.cpp >+++ b/Source/JavaScriptCore/runtime/InferredValue.cpp >@@ -35,6 +35,7 @@ const ClassInfo InferredValue::s_info = { "InferredValue", nullptr, nullptr, nul > > InferredValue* InferredValue::create(VM& vm) > { >+ ASSERT(VM::canUseJIT()); > InferredValue* result = new (NotNull, allocateCell<InferredValue>(vm.heap)) InferredValue(vm); > result->finishCreation(vm); > return result; >diff --git a/Source/JavaScriptCore/runtime/JSAsyncFunction.cpp b/Source/JavaScriptCore/runtime/JSAsyncFunction.cpp >index c89d032f1a9e4baa5f77f604147b8aa34113c964..a384aad1365d14348ad67a205a36a59a9694abc7 100644 >--- a/Source/JavaScriptCore/runtime/JSAsyncFunction.cpp >+++ b/Source/JavaScriptCore/runtime/JSAsyncFunction.cpp 
>@@ -55,14 +55,14 @@ JSAsyncFunction* JSAsyncFunction::createImpl(VM& vm, FunctionExecutable* executa > JSAsyncFunction* JSAsyncFunction::create(VM& vm, FunctionExecutable* executable, JSScope* scope) > { > JSAsyncFunction* asyncFunction = createImpl(vm, executable, scope, scope->globalObject(vm)->asyncFunctionStructure()); >- executable->singletonFunction()->notifyWrite(vm, asyncFunction, "Allocating an async function"); >+ executable->notifyWrite(vm, asyncFunction, "Allocating an async function"); > return asyncFunction; > } > > JSAsyncFunction* JSAsyncFunction::create(VM& vm, FunctionExecutable* executable, JSScope* scope, Structure* structure) > { > JSAsyncFunction* asyncFunction = createImpl(vm, executable, scope, structure); >- executable->singletonFunction()->notifyWrite(vm, asyncFunction, "Allocating an async function"); >+ executable->notifyWrite(vm, asyncFunction, "Allocating an async function"); > return asyncFunction; > } > >diff --git a/Source/JavaScriptCore/runtime/JSAsyncGeneratorFunction.cpp b/Source/JavaScriptCore/runtime/JSAsyncGeneratorFunction.cpp >index 87f958399b3cd40f1e156db5083c4c4c4b13dc40..079446446fc98490a0f7b14bfe5013d608cbe8ff 100644 >--- a/Source/JavaScriptCore/runtime/JSAsyncGeneratorFunction.cpp >+++ b/Source/JavaScriptCore/runtime/JSAsyncGeneratorFunction.cpp 
>@@ -55,14 +55,14 @@ JSAsyncGeneratorFunction* JSAsyncGeneratorFunction::createImpl(VM& vm, FunctionE > JSAsyncGeneratorFunction* JSAsyncGeneratorFunction::create(VM& vm, FunctionExecutable* executable, JSScope* scope) > { > JSAsyncGeneratorFunction* asyncGenerator = createImpl(vm, executable, scope, scope->globalObject(vm)->asyncGeneratorFunctionStructure()); >- executable->singletonFunction()->notifyWrite(vm, asyncGenerator, "Allocating an async generator"); >+ executable->notifyWrite(vm, asyncGenerator, "Allocating an async generator"); > return asyncGenerator; > } > > JSAsyncGeneratorFunction* JSAsyncGeneratorFunction::create(VM& vm, FunctionExecutable* executable, JSScope* scope, Structure* structure) > { > JSAsyncGeneratorFunction* asyncGenerator = createImpl(vm, executable, scope, structure); >- executable->singletonFunction()->notifyWrite(vm, asyncGenerator, "Allocating an async generator"); >+ executable->notifyWrite(vm, asyncGenerator, "Allocating an async generator"); > return asyncGenerator; > } > >diff --git a/Source/JavaScriptCore/runtime/JSFunction.cpp b/Source/JavaScriptCore/runtime/JSFunction.cpp >index 50568e846b6a7f0388c9ea469df9edfc77504ab3..f8444240a356a6115142aae25a6ec8156327433d 100644 >--- a/Source/JavaScriptCore/runtime/JSFunction.cpp >+++ b/Source/JavaScriptCore/runtime/JSFunction.cpp >@@ -84,7 +84,7 @@ JSFunction* JSFunction::create(VM& vm, FunctionExecutable* executable, JSScope* > JSFunction* JSFunction::create(VM& vm, FunctionExecutable* executable, JSScope* scope, Structure* structure) > { > JSFunction* result = createImpl(vm, executable, scope, structure); >- executable->singletonFunction()->notifyWrite(vm, result, "Allocating a function"); >+ executable->notifyWrite(vm, result, "Allocating a function"); > return result; > } 
> >diff --git a/Source/JavaScriptCore/runtime/JSFunctionInlines.h b/Source/JavaScriptCore/runtime/JSFunctionInlines.h >index 1f302da3494134be425b39769786d93ceff35ac3..189021a2120d4a805397b7eea512cf142230bb81 100644 >--- a/Source/JavaScriptCore/runtime/JSFunctionInlines.h >+++ b/Source/JavaScriptCore/runtime/JSFunctionInlines.h >@@ -34,7 +34,7 @@ namespace JSC { > inline JSFunction* JSFunction::createWithInvalidatedReallocationWatchpoint( > VM& vm, FunctionExecutable* executable, JSScope* scope) > { >- ASSERT(executable->singletonFunction()->hasBeenInvalidated()); >+ ASSERT(executable->singletonFunctionHasBeenInvalidated()); > return createImpl(vm, executable, scope, selectStructureForNewFuncExp(scope->globalObject(vm), executable)); > } > >diff --git a/Source/JavaScriptCore/runtime/JSGeneratorFunction.cpp b/Source/JavaScriptCore/runtime/JSGeneratorFunction.cpp >index 05b3604cff02f76433a3d4bec7ec8df7edd7abf5..7a52b68c5d5c28a069b39729c2c19a7225ce2490 100644 >--- a/Source/JavaScriptCore/runtime/JSGeneratorFunction.cpp >+++ b/Source/JavaScriptCore/runtime/JSGeneratorFunction.cpp >@@ -60,7 +60,7 @@ JSGeneratorFunction* JSGeneratorFunction::create(VM& vm, FunctionExecutable* exe > JSGeneratorFunction* JSGeneratorFunction::create(VM& vm, FunctionExecutable* executable, JSScope* scope, Structure* structure) > { > JSGeneratorFunction* generatorFunction = createImpl(vm, executable, scope, structure); >- executable->singletonFunction()->notifyWrite(vm, generatorFunction, "Allocating a generator function"); >+ executable->notifyWrite(vm, generatorFunction, "Allocating a generator function"); > return generatorFunction; > } > >diff --git a/Source/JavaScriptCore/runtime/JSSymbolTableObject.h b/Source/JavaScriptCore/runtime/JSSymbolTableObject.h >index 0e8644eaea236c98d7e85de8ddaecea5b2321396..5aa6d49f8a1a12b795cd4daddf6f7640cf0097d8 100644 >--- a/Source/JavaScriptCore/runtime/JSSymbolTableObject.h >+++ b/Source/JavaScriptCore/runtime/JSSymbolTableObject.h 
>@@ -66,7 +66,8 @@ class JSSymbolTableObject : public JSScope { > void setSymbolTable(VM& vm, SymbolTable* symbolTable) > { > ASSERT(!m_symbolTable); >- symbolTable->singletonScope()->notifyWrite(vm, this, "Allocated a scope"); >+ if (auto* singletonScope = symbolTable->singletonScope()) >+ singletonScope->notifyWrite(vm, this, "Allocated a scope"); > m_symbolTable.set(vm, this, symbolTable); > } > >diff --git a/Source/JavaScriptCore/runtime/SymbolTable.cpp b/Source/JavaScriptCore/runtime/SymbolTable.cpp >index 6b95a0ed8638933b979da4fab5e948ea9ce267be..25a2a73d00ca52a075ad9692a402e497421b8697 100644 >--- a/Source/JavaScriptCore/runtime/SymbolTable.cpp >+++ b/Source/JavaScriptCore/runtime/SymbolTable.cpp >@@ -95,7 +95,8 @@ SymbolTable::~SymbolTable() { } > void SymbolTable::finishCreation(VM& vm) > { > Base::finishCreation(vm); >- m_singletonScope.set(vm, this, InferredValue::create(vm)); >+ if (VM::canUseJIT()) >+ m_singletonScope.set(vm, this, InferredValue::create(vm)); > } > > void SymbolTable::visitChildren(JSCell* thisCell, SlotVisitor& visitor) >diff --git a/Source/JavaScriptCore/runtime/VM.cpp b/Source/JavaScriptCore/runtime/VM.cpp >index 9b954c229bc0712dbf28c6cfd729f8c700d91617..d91b3b85417f0d1a9df3eae4e9d8341864b20772 100644 >--- a/Source/JavaScriptCore/runtime/VM.cpp >+++ b/Source/JavaScriptCore/runtime/VM.cpp 
>@@ -409,7 +409,8 @@ VM::VM(VMType vmType, HeapType heapType) > unlinkedFunctionCodeBlockStructure.set(*this, UnlinkedFunctionCodeBlock::createStructure(*this, 0, jsNull())); > unlinkedModuleProgramCodeBlockStructure.set(*this, UnlinkedModuleProgramCodeBlock::createStructure(*this, 0, jsNull())); > propertyTableStructure.set(*this, PropertyTable::createStructure(*this, 0, jsNull())); >- inferredValueStructure.set(*this, InferredValue::createStructure(*this, 0, jsNull())); >+ if (VM::canUseJIT()) >+ inferredValueStructure.set(*this, InferredValue::createStructure(*this, 0, jsNull())); > functionRareDataStructure.set(*this, FunctionRareData::createStructure(*this, 0, jsNull())); > exceptionStructure.set(*this, Exception::createStructure(*this, 0, jsNull())); > promiseDeferredStructure.set(*this, JSPromiseDeferred::createStructure(*this, 0, jsNull()));
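Review bot: In the FunctionExecutable.cpp constructor hunk, only the JIT member of the new union is initialized (`new (&m_singletonFunction) WriteBarrier<InferredValue>();`), so in a non-JIT VM `m_singletonFunctionState` holds indeterminate bytes until finishCreation() assigns ClearWatchpoint. An else branch in the constructor that sets `m_singletonFunctionState = ClearWatchpoint;` would keep the object well-defined even if notifyWrite() or singletonFunctionHasBeenInvalidated() were reached before finishCreation().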
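Review bot: The anonymous union added to FunctionExecutable.h (hunk at -212,7 +243,10) carries no stored discriminant; every access, including the GC path in visitChildren(), picks the live member by calling VM::canUseJIT(). That is only sound if canUseJIT() returns the same answer for the whole lifetime of the object, because reading `m_singletonFunction` while `m_singletonFunctionState` is live would hand the collector a small integer as a cell pointer. Please state that invariant in a comment on the union so later changes to how canUseJIT() is computed do not silently break it.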
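Review bot: In the FunctionExecutable.h accessor hunk (-183,7 +183,38), singletonFunction() now returns nullptr in a non-JIT VM, which turns any caller not converted by this patch into a null dereference. Since the patch adds notifyWrite() and singletonFunctionHasBeenInvalidated() as the configuration-neutral entry points, consider `ASSERT(VM::canUseJIT());` in singletonFunction() instead of the nullptr return, so that misuse is caught at the accessor. The non-JIT switch also uses IsWatched to mean "one function has been allocated" although the ChangeLog says nobody watches in this configuration; a one-line comment that the transitions mirror InferredValue would make that reading clear.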
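Review bot: The guard added in the InferredValue.cpp hunk, `ASSERT(VM::canUseJIT());`, is compiled out of release builds, while the VM.cpp hunk now leaves `inferredValueStructure` unset when the JIT is unavailable. A call site that this patch missed would then allocate an InferredValue cell with a null structure in release builds without any diagnostic. RELEASE_ASSERT would be the safer choice here, given that create() is no longer expected to run at all in the non-JIT configuration.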
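Review bot: In the SymbolTable.cpp hunk, `m_singletonScope` is left null in a non-JIT VM, and the only caller this patch guards is setSymbolTable() in JSSymbolTableObject.h (`if (auto* singletonScope = symbolTable->singletonScope())`). Any other user of singletonScope() that is reachable without the JIT needs the same null check, and the ChangeLog should say so; the entry currently describes only the FunctionExecutable side. It would also help to note why SymbolTable uses a nullable pointer while FunctionExecutable uses a union with WatchpointState, since the two represent the same "no InferredValue" case in different ways.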
Flags: saam: review+
Attachments on bug 194084: 360701 | 360702 | 360705 | 360706 | 360708 | 360710 | 360711