Changeset 220322 in webkit

Timestamp:

Aug 5, 2017 9:43:37 PM (7 years ago)

Author:

fpizlo@apple.com

Message:

REGRESSION (r219895-219897): Number of leaks on Open Source went from 9240 to 235983 and is now at 302372
​https://bugs.webkit.org/show_bug.cgi?id=175083

Reviewed by Oliver Hunt.

Source/JavaScriptCore:

This fixes the leak by making MarkedBlock::specializedSweep call destructors when the block is empty,
even if we are using the pop path.

Also, this fixes HeapCellInlines.h to no longer include MarkedBlockInlines.h. That's pretty
important, since MarkedBlockInlines.h is the GC's internal guts - we don't want to have to recompile
the world just because we changed it.

Finally, this adds a new testing SPI for waiting for all VMs to finish destructing. This makes it
easier to debug leaks.

• bytecode/AccessCase.cpp:
• bytecode/PolymorphicAccess.cpp:
• heap/HeapCell.cpp:

(JSC::HeapCell::isLive):

• heap/HeapCellInlines.h:

(JSC::HeapCell::isLive): Deleted.

• heap/MarkedAllocator.cpp:

(JSC::MarkedAllocator::tryAllocateWithoutCollecting):
(JSC::MarkedAllocator::endMarking):

• heap/MarkedBlockInlines.h:

(JSC::MarkedBlock::Handle::specializedSweep):

• jit/AssemblyHelpers.cpp:
• jit/Repatch.cpp:
• runtime/TestRunnerUtils.h:
• runtime/VM.cpp:

(JSC::waitForVMDestruction):
(JSC::VM::~VM):

Source/WTF:

Adds a classic ReadWriteLock class. I wrote my own because I can never remember if the pthread one is
guaranted to bias in favor of writers or not.

• WTF.xcodeproj/project.pbxproj:
• wtf/Condition.h:

(WTF::ConditionBase::construct):
(WTF::Condition::Condition):

• wtf/Lock.h:

(WTF::LockBase::construct):
(WTF::Lock::Lock):

• wtf/ReadWriteLock.cpp: Added.

(WTF::ReadWriteLockBase::construct):
(WTF::ReadWriteLockBase::readLock):
(WTF::ReadWriteLockBase::readUnlock):
(WTF::ReadWriteLockBase::writeLock):
(WTF::ReadWriteLockBase::writeUnlock):

• wtf/ReadWriteLock.h: Added.

(WTF::ReadWriteLockBase::ReadLock::tryLock):
(WTF::ReadWriteLockBase::ReadLock::lock):
(WTF::ReadWriteLockBase::ReadLock::unlock):
(WTF::ReadWriteLockBase::WriteLock::tryLock):
(WTF::ReadWriteLockBase::WriteLock::lock):
(WTF::ReadWriteLockBase::WriteLock::unlock):
(WTF::ReadWriteLockBase::read):
(WTF::ReadWriteLockBase::write):
(WTF::ReadWriteLock::ReadWriteLock):

Tools:

Leaks results are super confusing if leaks runs while some VMs are destructing. This calls a new SPI
to wait for VM destructions to finish before running the next test. This makes it easier to
understand leaks results from workers tests, and leads to fewer reported leaks.

• DumpRenderTree/mac/DumpRenderTree.mm:

(runTest):

Location:

trunk

Files:

• Source/JavaScriptCore/ChangeLog (modified) (1 diff)
• Source/JavaScriptCore/bytecode/AccessCase.cpp (modified) (1 diff)
• Source/JavaScriptCore/bytecode/PolymorphicAccess.cpp (modified) (1 diff)
• Source/JavaScriptCore/heap/HeapCell.cpp (modified) (1 diff)
• Source/JavaScriptCore/heap/HeapCellInlines.h (modified) (1 diff)
• Source/JavaScriptCore/heap/MarkedAllocator.cpp (modified) (3 diffs)
• Source/JavaScriptCore/heap/MarkedBlockInlines.h (modified) (1 diff)
• Source/JavaScriptCore/jit/AssemblyHelpers.cpp (modified) (1 diff)
• Source/JavaScriptCore/jit/Repatch.cpp (modified) (1 diff)
• Source/JavaScriptCore/runtime/TestRunnerUtils.h (modified) (2 diffs)
• Source/JavaScriptCore/runtime/VM.cpp (modified) (3 diffs)
• Source/WTF/ChangeLog (modified) (1 diff)
• Source/WTF/WTF.xcodeproj/project.pbxproj (modified) (4 diffs)
• Source/WTF/wtf/CMakeLists.txt (modified) (2 diffs)
• Source/WTF/wtf/Condition.h (modified) (3 diffs)
• Source/WTF/wtf/Lock.h (modified) (3 diffs)
• Source/WTF/wtf/ReadWriteLock.cpp (added)
• Source/WTF/wtf/ReadWriteLock.h (added)
• Tools/ChangeLog (modified) (1 diff)
• Tools/DumpRenderTree/mac/DumpRenderTree.mm (modified) (1 diff)

trunk/Source/JavaScriptCore/ChangeLog

@@ +1 @@
+2017-08-05  Filip Pizlo  <fpizlo@apple.com>
+
+        REGRESSION (r219895-219897): Number of leaks on Open Source went from 9240 to 235983 and is now at 302372
+        https://bugs.webkit.org/show_bug.cgi?id=175083
+
+        Reviewed by Oliver Hunt.
+        
+        This fixes the leak by making MarkedBlock::specializedSweep call destructors when the block is empty,
+        even if we are using the pop path.
+        
+        Also, this fixes HeapCellInlines.h to no longer include MarkedBlockInlines.h. That's pretty
+        important, since MarkedBlockInlines.h is the GC's internal guts - we don't want to have to recompile
+        the world just because we changed it.
+        
+        Finally, this adds a new testing SPI for waiting for all VMs to finish destructing. This makes it
+        easier to debug leaks.
+
+        * bytecode/AccessCase.cpp:
+        * bytecode/PolymorphicAccess.cpp:
+        * heap/HeapCell.cpp:
+        (JSC::HeapCell::isLive):
+        * heap/HeapCellInlines.h:
+        (JSC::HeapCell::isLive): Deleted.
+        * heap/MarkedAllocator.cpp:
+        (JSC::MarkedAllocator::tryAllocateWithoutCollecting):
+        (JSC::MarkedAllocator::endMarking):
+        * heap/MarkedBlockInlines.h:
+        (JSC::MarkedBlock::Handle::specializedSweep):
+        * jit/AssemblyHelpers.cpp:
+        * jit/Repatch.cpp:
+        * runtime/TestRunnerUtils.h:
+        * runtime/VM.cpp:
+        (JSC::waitForVMDestruction):
+        (JSC::VM::~VM):
+
 2017-08-05  Mark Lam  <mark.lam@apple.com>
 

trunk/Source/JavaScriptCore/bytecode/AccessCase.cpp

@@ -47 +47 @@
 #include "SlotVisitorInlines.h"
 #include "StructureStubInfo.h"
+#include "SuperSampler.h"
 #include "ThunkGenerators.h"
 

trunk/Source/JavaScriptCore/bytecode/PolymorphicAccess.cpp

@@ -39 +39 @@
 #include "StructureStubClearingWatchpoint.h"
 #include "StructureStubInfo.h"
+#include "SuperSampler.h"
 #include <wtf/CommaPrinter.h>
 #include <wtf/ListDump.h>

trunk/Source/JavaScriptCore/heap/HeapCell.cpp

@@ -27 +27 @@
 #include "HeapCell.h"
 
+#include "HeapCellInlines.h"
+#include "MarkedBlockInlines.h"
 #include <wtf/PrintStream.h>
 
 namespace JSC {
+
+bool HeapCell::isLive()
+{
+    if (isLargeAllocation())
+        return largeAllocation().isLive();
+    auto& markedBlockHandle = markedBlock().handle();
+    if (markedBlockHandle.isFreeListed())
+        return !markedBlockHandle.isFreeListedCell(this);
+    return markedBlockHandle.isLive(this);
+}
 
 #if !COMPILER(GCC_OR_CLANG)

trunk/Source/JavaScriptCore/heap/HeapCellInlines.h

@@ -29 +29 @@
 #include "HeapCell.h"
 #include "LargeAllocation.h"
-#include "MarkedBlockInlines.h"
 #include "VM.h"
 
 namespace JSC {
-
-ALWAYS_INLINE bool HeapCell::isLive()
-{
-    if (isLargeAllocation())
-        return largeAllocation().isLive();
-    auto& markedBlockHandle = markedBlock().handle();
-    if (markedBlockHandle.isFreeListed())
-        return !markedBlockHandle.isFreeListedCell(this);
-    return markedBlockHandle.isLive(this);
-}
 
 ALWAYS_INLINE bool HeapCell::isLargeAllocation() const

trunk/Source/JavaScriptCore/heap/MarkedAllocator.cpp

@@ -40 +40 @@
 namespace JSC {
 
+static constexpr bool tradeDestructorBlocks = true;
+
 MarkedAllocator::MarkedAllocator(Heap* heap, Subspace* subspace, size_t cellSize)
     : m_freeList(cellSize)
@@ -103 +105 @@
     }
     
-    if (Options::stealEmptyBlocksFromOtherAllocators()) {
+    if (Options::stealEmptyBlocksFromOtherAllocators()
+        && (tradeDestructorBlocks || !needsDestruction())) {
         if (MarkedBlock::Handle* block = m_subspace->findEmptyBlockToSteal()) {
             RELEASE_ASSERT(block->alignedMemoryAllocator() == m_subspace->alignedMemoryAllocator());
@@ -382 +385 @@
     // vectors.
     
-    m_empty = m_live & ~m_markingNotEmpty;
-    m_canAllocateButNotEmpty = m_live & m_markingNotEmpty & ~m_markingRetired;
+    if (!tradeDestructorBlocks && needsDestruction()) {
+        ASSERT(m_empty.isEmpty());
+        m_canAllocateButNotEmpty = m_live & ~m_markingRetired;
+    } else {
+        m_empty = m_live & ~m_markingNotEmpty;
+        m_canAllocateButNotEmpty = m_live & m_markingNotEmpty & ~m_markingRetired;
+    }
+    
     if (needsDestruction()) {
         // There are some blocks that we didn't allocate out of in the last cycle, but we swept them. This

trunk/Source/JavaScriptCore/heap/MarkedBlockInlines.h

@@ -224 +224 @@
         HeapCell* cell = reinterpret_cast_ptr<HeapCell*>(&block.atoms()[i]);
 
-        if (destructionMode != BlockHasNoDestructors && emptyMode == NotEmpty)
+        if (destructionMode != BlockHasNoDestructors)
             destroy(cell);
 

trunk/Source/JavaScriptCore/jit/AssemblyHelpers.cpp

@@ -33 +33 @@
 #include "LinkBuffer.h"
 #include "MaxFrameExtentForSlowPathCall.h"
+#include "SuperSampler.h"
 #include "ThunkGenerators.h"
 

trunk/Source/JavaScriptCore/jit/Repatch.cpp

@@ -59 +59 @@
 #include "StructureStubClearingWatchpoint.h"
 #include "StructureStubInfo.h"
+#include "SuperSampler.h"
 #include "ThunkGenerators.h"
 #include <wtf/CommaPrinter.h>

trunk/Source/JavaScriptCore/runtime/TestRunnerUtils.h

@@ -1 +1 @@
 /*
- * Copyright (C) 2013-2016 Apple Inc. All rights reserved.
+ * Copyright (C) 2013-2017 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -55 +55 @@
 JS_EXPORT_PRIVATE void finalizeStatsAtEndOfTesting();
 
+JS_EXPORT_PRIVATE void waitForVMDestruction();
+
 } // namespace JSC

trunk/Source/JavaScriptCore/runtime/VM.cpp

@@ -102 +102 @@
 #include "StrongInlines.h"
 #include "StructureInlines.h"
+#include "TestRunnerUtils.h"
 #include "ThunkGenerators.h"
 #include "TypeProfiler.h"
@@ -114 +115 @@
 #include <wtf/CurrentTime.h>
 #include <wtf/ProcessID.h>
+#include <wtf/ReadWriteLock.h>
 #include <wtf/SimpleStats.h>
 #include <wtf/StringPrintStream.h>
@@ -342 +344 @@
 }
 
+static StaticReadWriteLock s_destructionLock;
+
+void waitForVMDestruction()
+{
+    auto locker = holdLock(s_destructionLock.write());
+}
+
 VM::~VM()
 {
+    auto destructionLocker = holdLock(s_destructionLock.read());
+    
     Gigacage::removeDisableCallback(gigacageDisabledCallback, this);
     promiseDeferredTimer->stopRunningTasks();

trunk/Source/WTF/ChangeLog

@@ +1 @@
+2017-08-05  Filip Pizlo  <fpizlo@apple.com>
+
+        REGRESSION (r219895-219897): Number of leaks on Open Source went from 9240 to 235983 and is now at 302372
+        https://bugs.webkit.org/show_bug.cgi?id=175083
+
+        Reviewed by Oliver Hunt.
+        
+        Adds a classic ReadWriteLock class. I wrote my own because I can never remember if the pthread one is
+        guaranted to bias in favor of writers or not.
+
+        * WTF.xcodeproj/project.pbxproj:
+        * wtf/Condition.h:
+        (WTF::ConditionBase::construct):
+        (WTF::Condition::Condition):
+        * wtf/Lock.h:
+        (WTF::LockBase::construct):
+        (WTF::Lock::Lock):
+        * wtf/ReadWriteLock.cpp: Added.
+        (WTF::ReadWriteLockBase::construct):
+        (WTF::ReadWriteLockBase::readLock):
+        (WTF::ReadWriteLockBase::readUnlock):
+        (WTF::ReadWriteLockBase::writeLock):
+        (WTF::ReadWriteLockBase::writeUnlock):
+        * wtf/ReadWriteLock.h: Added.
+        (WTF::ReadWriteLockBase::ReadLock::tryLock):
+        (WTF::ReadWriteLockBase::ReadLock::lock):
+        (WTF::ReadWriteLockBase::ReadLock::unlock):
+        (WTF::ReadWriteLockBase::WriteLock::tryLock):
+        (WTF::ReadWriteLockBase::WriteLock::lock):
+        (WTF::ReadWriteLockBase::WriteLock::unlock):
+        (WTF::ReadWriteLockBase::read):
+        (WTF::ReadWriteLockBase::write):
+        (WTF::ReadWriteLock::ReadWriteLock):
+
 2017-08-04  Matt Lewis  <jlewis3@apple.com>
 

trunk/Source/WTF/WTF.xcodeproj/project.pbxproj

@@ -39 +39 @@
                 0FE1646A1B6FFC9600400E7C /* Lock.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 0FE164681B6FFC9600400E7C /* Lock.cpp */; };
                 0FE4479C1B7AAA03009498EB /* WordLock.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 0FE4479A1B7AAA03009498EB /* WordLock.cpp */; };
+                0FEC3C5E1F368A9700F59B6C /* ReadWriteLock.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 0FEC3C5C1F368A9700F59B6C /* ReadWriteLock.cpp */; };
                 0FFF19DC1BB334EB00886D91 /* ParallelHelperPool.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 0FFF19DA1BB334EB00886D91 /* ParallelHelperPool.cpp */; };
                 14022F4118F5C3FC007FF0EB /* libbmalloc.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 14022F4018F5C3FC007FF0EB /* libbmalloc.a */; };
@@ -226 +227 @@
                 0FEB3DD01BB7366B009D7AAD /* ParallelVectorIterator.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ParallelVectorIterator.h; sourceTree = "<group>"; };
                 0FEC3C4F1F323C6800F59B6C /* CagedPtr.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = CagedPtr.h; sourceTree = "<group>"; };
+                0FEC3C5C1F368A9700F59B6C /* ReadWriteLock.cpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.cpp; path = ReadWriteLock.cpp; sourceTree = "<group>"; };
+                0FEC3C5D1F368A9700F59B6C /* ReadWriteLock.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = ReadWriteLock.h; sourceTree = "<group>"; };
                 0FEC84AE1BD825310080FF74 /* GraphNodeWorklist.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = GraphNodeWorklist.h; sourceTree = "<group>"; };
                 0FEC84B01BDACD390080FF74 /* ScopedLambda.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ScopedLambda.h; sourceTree = "<group>"; };
@@ -910 +913 @@
                                 0F725CAB1C50461600AD943A /* RangeSet.h */,
                                 0F87105916643F190090B0AD /* RawPointer.h */,
+                                0FEC3C5C1F368A9700F59B6C /* ReadWriteLock.cpp */,
+                                0FEC3C5D1F368A9700F59B6C /* ReadWriteLock.h */,
                                 0FDE87F61DFD07CC0064C390 /* RecursiveLockAdapter.h */,
                                 A8A472FE151A825B004123FF /* RedBlackTree.h */,
@@ -1338 +1343 @@
                                 0FE1646A1B6FFC9600400E7C /* Lock.cpp in Sources */,
                                 0F60F32F1DFCBD1B00416D6C /* LockedPrintStream.cpp in Sources */,
+                                0FEC3C5E1F368A9700F59B6C /* ReadWriteLock.cpp in Sources */,
                                 53534F2A1EC0E10E00141B2F /* MachExceptions.defs in Sources */,
                                 A8A473E5151A825B004123FF /* MainThread.cpp in Sources */,

trunk/Source/WTF/wtf/CMakeLists.txt

@@ -111 +111 @@
     RangeSet.h
     RawPointer.h
+    ReadWriteLock.h
     RecursiveLockAdapter.h
     RedBlackTree.h
@@ -242 +243 @@
     RandomDevice.cpp
     RandomNumber.cpp
+    ReadWriteLock.cpp
     RefCountedLeakCounter.cpp
     RunLoop.cpp

trunk/Source/WTF/wtf/Condition.h

@@ -50 +50 @@
     // are unlikely to be affected by the cost of conversions, it is better to use MonotonicTime.
     typedef ParkingLot::Time Time;
+    
+    void construct()
+    {
+        m_hasWaiters.store(false);
+    }
     
     // Wait on a parking queue while releasing the given lock. It will unlock the lock just before
@@ -169 +174 @@
     }
     
-protected:
+private:
     Atomic<bool> m_hasWaiters;
 };
@@ -178 +183 @@
     Condition()
     {
-        m_hasWaiters.store(false);
+        construct();
     }
 };

trunk/Source/WTF/wtf/Lock.h

@@ -53 +53 @@
 // Use Lock in instance variables.
 struct LockBase {
+    void construct()
+    {
+        m_byte.store(0, std::memory_order_relaxed);
+    }
+    
     void lock()
     {
@@ -111 +116 @@
     }
 
-protected:
+private:
     friend struct TestWebKitAPI::LockInspector;
     
@@ -137 +142 @@
     Lock()
     {
-        m_byte.store(0, std::memory_order_relaxed);
+        construct();
     }
 };

trunk/Tools/ChangeLog

@@ +1 @@
+2017-08-05  Filip Pizlo  <fpizlo@apple.com>
+
+        REGRESSION (r219895-219897): Number of leaks on Open Source went from 9240 to 235983 and is now at 302372
+        https://bugs.webkit.org/show_bug.cgi?id=175083
+
+        Reviewed by Oliver Hunt.
+        
+        Leaks results are super confusing if leaks runs while some VMs are destructing. This calls a new SPI
+        to wait for VM destructions to finish before running the next test. This makes it easier to 
+        understand leaks results from workers tests, and leads to fewer reported leaks.
+
+        * DumpRenderTree/mac/DumpRenderTree.mm:
+        (runTest):
+
 2017-08-05  Yoshiaki Jitsukawa  <Yoshiaki.Jitsukawa@sony.com>
 

trunk/Tools/DumpRenderTree/mac/DumpRenderTree.mm

@@ -2089 +2089 @@
     if (gcBetweenTests)
         [WebCoreStatistics garbageCollectJavaScriptObjects];
+    
+    JSC::waitForVMDestruction();
 
     fputs("#EOF\n", stderr);