WebKit Bugzilla
Attachment 362315 Details for Bug 194784: [JSC] Add LazyClassStructure::getInitializedOnMainThread
Patch: bug-194784-20190218123135.patch (text/plain), 8.91 KB, created by Yusuke Suzuki on 2019-02-18 12:31:36 PST
>Subversion Revision: 241730 >diff --git a/Source/JavaScriptCore/ChangeLog b/Source/JavaScriptCore/ChangeLog >index b7abc6e3ee0a7a9e1cf2e2453930d29dbfe80b9e..5af3a1a02b0aabf0f0fb7b26d332d1a89916a784 100644 >--- a/Source/JavaScriptCore/ChangeLog >+++ b/Source/JavaScriptCore/ChangeLog 
>@@ -1,3 +1,37 @@ >+2019-02-18 Yusuke Suzuki <ysuzuki@apple.com> >+ >+ [JSC] Add LazyClassStructure::getInitializedOnMainThread >+ https://bugs.webkit.org/show_bug.cgi?id=194784 >+ <rdar://problem/48154820> >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ LazyClassStructure::get and LazyProperty::get functions do not allow compiler threads to call them. But booleanPrototype, numberPrototype and symbolPrototype cases, >+ we would like to call them from compiler threads. We eagerly initialize them if VM::canUseJIT() is true, so that compiler threads can safely call LazyClassStructure::get >+ and LazyProperty::get for booleanPrototype, numberPrototype and symbolPrototype. But still assertion hits because the assertion requires that these functions need to be >+ called in non compiler threads. Calling `getConcurrently()` is not possible since symbolPrototype() function is called from both the main thread and compiler threads, >+ and we would like to lazily initialize SymbolPrototype object if it is called from the main thread, which can happen with non-JIT configuration. >+ >+ This patch adds `getInitializedOnMainThread()`. Compiler threads can call it only when we know that the value is already initialized on the main thread. The main thread >+ can call it at anytime and this function lazily initializes the value. This is useful to make some of prototypes lazy with non-JIT configuration: With non-JIT configuration, >+ this function is always called from the main thread and it initializes the value lazily. Non-JIT configuration does not care about compiler threads since they do not exist. >+ With JIT configuration, we eagerly initialize them in JSGlobalObject::init so that `getInitializedOnMainThread()` always succeeds. >+ >+ Basically, `getInitializedOnMainThread()` is `get` with different assertion location: While `get` always crashes if it is called from compiler threads, `getInitializedOnMainThread()` >+ crashes only when actual initialization happens on compiler threads. 
We do not merge them since `get` is still useful to find accidental initialization from compiler threads. >+ >+ * runtime/JSGlobalObject.h: >+ (JSC::JSGlobalObject::booleanPrototype const): >+ (JSC::JSGlobalObject::numberPrototype const): >+ (JSC::JSGlobalObject::symbolPrototype const): >+ * runtime/LazyClassStructure.h: >+ (JSC::LazyClassStructure::getInitializedOnMainThread const): >+ (JSC::LazyClassStructure::prototypeInitializedOnMainThread const): >+ (JSC::LazyClassStructure::constructorInitializedOnMainThread const): >+ * runtime/LazyProperty.h: >+ (JSC::LazyProperty::get const): >+ (JSC::LazyProperty::getInitializedOnMainThread const): >+ > 2019-02-18 Eric Carlson <eric.carlson@apple.com> > > Add MSE logging configuration >diff --git a/Source/JavaScriptCore/runtime/JSGlobalObject.h b/Source/JavaScriptCore/runtime/JSGlobalObject.h >index 06e0093b2b5954eda651c14ddf2e319fa64636ba..befbd227a99513ddd57989998a6575ee53444275 100644 >--- a/Source/JavaScriptCore/runtime/JSGlobalObject.h >+++ b/Source/JavaScriptCore/runtime/JSGlobalObject.h 
>@@ -622,12 +622,12 @@ class JSGlobalObject : public JSSegmentedVariableObject { > ObjectPrototype* objectPrototype() const { return m_objectPrototype.get(); } > FunctionPrototype* functionPrototype() const { return m_functionPrototype.get(); } > ArrayPrototype* arrayPrototype() const { return m_arrayPrototype.get(); } >- JSObject* booleanPrototype() const { return m_booleanObjectStructure.prototype(this); } >+ JSObject* booleanPrototype() const { return m_booleanObjectStructure.prototypeInitializedOnMainThread(this); } > StringPrototype* stringPrototype() const { return m_stringPrototype.get(); } >- JSObject* numberPrototype() const { return m_numberObjectStructure.prototype(this); } >+ JSObject* numberPrototype() const { return m_numberObjectStructure.prototypeInitializedOnMainThread(this); } > BigIntPrototype* bigIntPrototype() const { return m_bigIntPrototype.get(); } > JSObject* datePrototype() const { return m_dateStructure.prototype(this); } >- JSObject* symbolPrototype() const { return m_symbolObjectStructure.prototype(this); } >+ JSObject* symbolPrototype() const { return m_symbolObjectStructure.prototypeInitializedOnMainThread(this); } > RegExpPrototype* regExpPrototype() const { return m_regExpPrototype.get(); } > ErrorPrototype* errorPrototype() const { return m_errorPrototype.get(); } > IteratorPrototype* iteratorPrototype() const { return m_iteratorPrototype.get(); } >diff --git a/Source/JavaScriptCore/runtime/LazyClassStructure.h b/Source/JavaScriptCore/runtime/LazyClassStructure.h >index 66d44c9bccd9582209c528f0ddbab6129b2216c9..164a998813fc297f26bd64500d96536c57b6848f 100644 >--- a/Source/JavaScriptCore/runtime/LazyClassStructure.h >+++ b/Source/JavaScriptCore/runtime/LazyClassStructure.h 
>@@ -105,6 +105,23 @@ class LazyClassStructure { > { > return m_constructor.get(); > } >+ >+ // Call this "InitializedOnMainThread" function if we would like to (1) get a value from a compiler thread which must be initialized on the main thread and (2) initialize a value if we are on the main thread. >+ Structure* getInitializedOnMainThread(const JSGlobalObject* global) const >+ { >+ return m_structure.getInitializedOnMainThread(global); >+ } >+ >+ JSObject* prototypeInitializedOnMainThread(const JSGlobalObject* global) const >+ { >+ return getInitializedOnMainThread(global)->storedPrototypeObject(); >+ } >+ >+ JSObject* constructorInitializedOnMainThread(const JSGlobalObject* global) const >+ { >+ m_structure.getInitializedOnMainThread(global); >+ return m_constructor.get(); >+ } > > void visit(SlotVisitor&); > >diff --git a/Source/JavaScriptCore/runtime/LazyProperty.h b/Source/JavaScriptCore/runtime/LazyProperty.h >index 169f202b2057a46ab11a535efb17b3cb0af8233d..ff0ac16438487de3a80a5fcaadbf5fe016c13133 100644 >--- a/Source/JavaScriptCore/runtime/LazyProperty.h >+++ b/Source/JavaScriptCore/runtime/LazyProperty.h >@@ -79,11 +79,7 @@ class LazyProperty { > ElementType* get(const OwnerType* owner) const > { > ASSERT(!isCompilationThread()); >- if (UNLIKELY(m_pointer & lazyTag)) { >- FuncType func = *bitwise_cast<FuncType*>(m_pointer & ~(lazyTag | initializingTag)); >- return func(Initializer(const_cast<OwnerType*>(owner), *const_cast<LazyProperty*>(this))); >- } >- return bitwise_cast<ElementType*>(m_pointer); >+ return getInitializedOnMainThread(owner); > } > > ElementType* getConcurrently() const 
>@@ -93,6 +89,16 @@ class LazyProperty { > return nullptr; > return bitwise_cast<ElementType*>(pointer); > } >+ >+ ElementType* getInitializedOnMainThread(const OwnerType* owner) const >+ { >+ if (UNLIKELY(m_pointer & lazyTag)) { >+ ASSERT(!isCompilationThread()); >+ FuncType func = *bitwise_cast<FuncType*>(m_pointer & ~(lazyTag | initializingTag)); >+ return func(Initializer(const_cast<OwnerType*>(owner), *const_cast<LazyProperty*>(this))); >+ } >+ return bitwise_cast<ElementType*>(m_pointer); >+ } > > void setMayBeNull(VM&, const OwnerType* owner, ElementType*); > void set(VM&, const OwnerType* owner, ElementType*); >diff --git a/JSTests/ChangeLog b/JSTests/ChangeLog >index b07397972ddc407661492d0f884ac363cc6ecead..d7d469e60bb4aab4da659d88bcf26beec9390d84 100644 >--- a/JSTests/ChangeLog >+++ b/JSTests/ChangeLog >@@ -1,3 +1,16 @@ >+2019-02-18 Yusuke Suzuki <ysuzuki@apple.com> >+ >+ [JSC] Add LazyClassStructure::getInitializedOnMainThread >+ https://bugs.webkit.org/show_bug.cgi?id=194784 >+ <rdar://problem/48154820> >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ * stress/lazy-initialization-done-a-priori-if-jit-enabled.js: Added. >+ (getProperties): >+ (getRandomProperty): >+ (i.catch): >+ > 2019-02-18 Dominik Infuehr <dinfuehr@igalia.com> > > [ARM] Test gardening: Test running out of executable memory >diff --git a/JSTests/stress/lazy-initialization-done-a-priori-if-jit-enabled.js b/JSTests/stress/lazy-initialization-done-a-priori-if-jit-enabled.js >new file mode 100644 >index 0000000000000000000000000000000000000000..ddba41762833d254a3b760b0e6784ed7a759ad34 >--- /dev/null >+++ b/JSTests/stress/lazy-initialization-done-a-priori-if-jit-enabled.js >@@ -0,0 +1,14 @@ >+function getProperties(obj) { >+ let proto = Object.getPrototypeOf(obj); >+} >+function getRandomProperty(obj) { >+ let properties = getProperties(obj); >+} >+var number = 981428; >+getRandomProperty(number); >+for (var i = 0; i < 100000; ++i) { >+ try { >+ undef, void false; >+ } catch (e) { >+ } >+}
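Review bot: The three changed accessors in JSGlobalObject.h (booleanPrototype, numberPrototype, symbolPrototype) are now only safe from compiler threads because of the eager initialization that the ChangeLog says happens in JSGlobalObject::init when VM::canUseJIT() is true, but nothing at the call sites records that dependency. A one-line comment next to these accessors naming that eager-initialization requirement would keep someone from switching a further accessor (datePrototype still uses prototype(this)) to prototypeInitializedOnMainThread without adding the matching eager initialization.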
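Review bot: In LazyClassStructure.h, constructorInitializedOnMainThread calls m_structure.getInitializedOnMainThread(global) and throws the result away before returning m_constructor.get(), and the reason for the discarded call is not documented. Please add a comment saying the call is there only to force initialization, and extend the comment above getInitializedOnMainThread to state the precondition for compiler threads (the value must already have been initialized on the main thread). The hunk adds constructorInitializedOnMainThread without any caller in this patch; JSGlobalObject.h only uses prototypeInitializedOnMainThread, so consider leaving the constructor variant out until something needs it.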
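Review bot: In LazyProperty::getInitializedOnMainThread the thread check is a plain ASSERT(!isCompilationThread()) inside the lazyTag branch, so in builds where ASSERT is compiled out a compiler thread that reaches a still-lazy property runs the initializer itself instead of crashing as the ChangeLog describes. The branch is already marked UNLIKELY, so RELEASE_ASSERT(!isCompilationThread()) there would cost little and would enforce the contract in shipping builds. The function also reads m_pointer twice (once for the tag test, once for the final bitwise_cast), while getConcurrently directly above works from a local `pointer`; loading m_pointer once into a local keeps the tested value and the returned value the same.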
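Review bot: The new stress test lazy-initialization-done-a-priori-if-jit-enabled.js only exercises the number case (Object.getPrototypeOf on 981428), although the patch changes booleanPrototype and symbolPrototype as well. Adding the same getRandomProperty call for a boolean and a symbol value would cover all three accessors. The test also has no assertions of its own (getProperties and getRandomProperty return nothing), so it can only fail through the engine's ASSERT; a short comment at the top saying that it is meant to be run on an assertion-enabled build with the JIT on would make that intent clear.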
Flags: mark.lam: review+