Changeset 212310 in webkit

Timestamp:

Feb 14, 2017 11:13:04 AM (7 years ago)

Author:

mark.lam@apple.com

Message:

Add JSC_sweepSynchronously and fix JSC_useZombieMode options.
​https://bugs.webkit.org/show_bug.cgi?id=168257
<rdar://problem/30451496>

Reviewed by Filip Pizlo.

JSC_useZombieMode now basically enables JSC_sweepSynchronously and
JSC_scribbleFreeCells, which together does the job of zombifying dead objects
immediately after a GC.

• heap/Heap.cpp:

(JSC::Heap::sweepSynchronously):
(JSC::Heap::collectAllGarbage):
(JSC::Heap::finalize):
(JSC::Heap::didFinishCollection):
(JSC::Zombify::visit): Deleted.
(JSC::Zombify::operator()): Deleted.
(JSC::Heap::zombifyDeadObjects): Deleted.

• heap/Heap.h:

(JSC::Heap::isZombified): Deleted.

• runtime/Options.cpp:

(JSC::recomputeDependentOptions):

• runtime/Options.h:

Location:

trunk/Source/JavaScriptCore

Files:

• ChangeLog (modified) (1 diff)
• heap/Heap.cpp (modified) (5 diffs)
• heap/Heap.h (modified) (4 diffs)
• runtime/Options.cpp (modified) (1 diff)
• runtime/Options.h (modified) (1 diff)

trunk/Source/JavaScriptCore/ChangeLog

@@ +1 @@
+2017-02-14  Mark Lam  <mark.lam@apple.com>
+
+        Add JSC_sweepSynchronously and fix JSC_useZombieMode options.
+        https://bugs.webkit.org/show_bug.cgi?id=168257
+        <rdar://problem/30451496>
+
+        Reviewed by Filip Pizlo.
+
+        JSC_useZombieMode now basically enables JSC_sweepSynchronously and
+        JSC_scribbleFreeCells, which together does the job of zombifying dead objects
+        immediately after a GC.
+
+        * heap/Heap.cpp:
+        (JSC::Heap::sweepSynchronously):
+        (JSC::Heap::collectAllGarbage):
+        (JSC::Heap::finalize):
+        (JSC::Heap::didFinishCollection):
+        (JSC::Zombify::visit): Deleted.
+        (JSC::Zombify::operator()): Deleted.
+        (JSC::Heap::zombifyDeadObjects): Deleted.
+        * heap/Heap.h:
+        (JSC::Heap::isZombified): Deleted.
+        * runtime/Options.cpp:
+        (JSC::recomputeDependentOptions):
+        * runtime/Options.h:
+
 2017-02-13  Michael Saboff  <msaboff@apple.com>
 

trunk/Source/JavaScriptCore/heap/Heap.cpp

@@ -1030 +1030 @@
 }
 
+void Heap::sweepSynchronously()
+{
+    double before = 0;
+    if (Options::logGC()) {
+        dataLog("[Full sweep: ", capacity() / 1024, "kb ");
+        before = currentTimeMS();
+    }
+    m_objectSpace.sweep();
+    m_objectSpace.shrink();
+    if (Options::logGC()) {
+        double after = currentTimeMS();
+        dataLog("=> ", capacity() / 1024, "kb, ", after - before, "ms] ");
+    }
+}
+
 void Heap::collectAllGarbage()
 {
@@ -1040 +1055 @@
     if (UNLIKELY(Options::useImmortalObjects()))
         sweeper()->willFinishSweeping();
-    else {
-        double before = 0;
-        if (Options::logGC()) {
-            dataLog("[Full sweep: ", capacity() / 1024, "kb ");
-            before = currentTimeMS();
-        }
-        m_objectSpace.sweep();
-        m_objectSpace.shrink();
-        if (Options::logGC()) {
-            double after = currentTimeMS();
-            dataLog("=> ", capacity() / 1024, "kb, ", after - before, "ms]\n");
-        }
+
+    bool alreadySweptInCollectSync = Options::sweepSynchronously();
+    if (!alreadySweptInCollectSync) {
+        sweepSynchronously();
+        if (Options::logGC())
+            dataLog("\n");
     }
     m_objectSpace.assertNoUnswept();
@@ -1596 +1605 @@
     if (HasOwnPropertyCache* cache = vm()->hasOwnPropertyCache())
         cache->clear();
+
+    if (Options::sweepSynchronously())
+        sweepSynchronously();
 
     if (Options::logGC()) {
@@ -1830 +1842 @@
         HeapStatistics::recordGCPauseTime(gcStartTime, gcEndTime);
 
-    if (Options::useZombieMode())
-        zombifyDeadObjects();
-
     if (Options::dumpObjectStatistics())
         HeapStatistics::dumpObjectStatistics(this);
@@ -1932 +1941 @@
     m_fullActivityCallback->setDidSyncGCRecently();
     collectAllGarbage();
-}
-
-class Zombify : public MarkedBlock::VoidFunctor {
-public:
-    inline void visit(HeapCell* cell) const
-    {
-        void** current = reinterpret_cast_ptr<void**>(cell);
-
-        // We want to maintain zapped-ness because that's how we know if we've called 
-        // the destructor.
-        if (cell->isZapped())
-            current++;
-
-        void* limit = static_cast<void*>(reinterpret_cast<char*>(cell) + cell->cellSize());
-        for (; current < limit; current++)
-            *current = zombifiedBits;
-    }
-    IterationStatus operator()(HeapCell* cell, HeapCell::Kind) const
-    {
-        visit(cell);
-        return IterationStatus::Continue;
-    }
-};
-
-void Heap::zombifyDeadObjects()
-{
-    // Sweep now because destructors will crash once we're zombified.
-    m_objectSpace.sweep();
-    HeapIterationScope iterationScope(*this);
-    m_objectSpace.forEachDeadCell(iterationScope, Zombify());
 }
 

trunk/Source/JavaScriptCore/heap/Heap.h

@@ -86 +86 @@
 }
 
-static void* const zombifiedBits = reinterpret_cast<void*>(static_cast<uintptr_t>(0xdeadbeef));
-
 typedef HashCountedSet<JSCell*> ProtectCountSet;
 typedef HashCountedSet<const char*> TypeCountSet;
@@ -168 +166 @@
     JS_EXPORT_PRIVATE void collectAllGarbageIfNotDoneRecently();
     JS_EXPORT_PRIVATE void collectAllGarbage();
+    JS_EXPORT_PRIVATE void sweepSynchronously();
 
     bool shouldCollectHeuristic();
@@ -259 +258 @@
     template<typename T> void releaseSoon(RetainPtr<T>&&);
 #endif
-
-    static bool isZombified(JSCell* cell) { return *(void**)cell == zombifiedBits; }
 
     JS_EXPORT_PRIVATE void registerWeakGCMap(void* weakGCMap, std::function<void()> pruningCallback);
@@ -449 +446 @@
     void didFinishCollection(double gcStartTime);
     void resumeCompilerThreads();
-    void zombifyDeadObjects();
     void gatherExtraHeapSnapshotData(HeapProfiler&);
     void removeDeadHeapSnapshotNodes(HeapProfiler&);

trunk/Source/JavaScriptCore/runtime/Options.cpp

@@ -435 +435 @@
         fastSetMaxSingleAllocationSize(std::numeric_limits<size_t>::max());
 #endif
+
+    if (Options::useZombieMode()) {
+        Options::sweepSynchronously() = true;
+        Options::scribbleFreeCells() = true;
+    }
+
     if (Options::useSigillCrashAnalyzer())
         enableSigillCrashAnalyzer();

trunk/Source/JavaScriptCore/runtime/Options.h

@@ -343 +343 @@
     v(unsigned, forcedWeakRandomSeed, 0, Normal, nullptr) \
     \
-    v(bool, useZombieMode, false, Normal, "debugging option to scribble over dead objects with 0xdeadbeef") \
+    v(bool, useZombieMode, false, Normal, "debugging option to scribble over dead objects with 0xbadbeef0") \
     v(bool, useImmortalObjects, false, Normal, "debugging option to keep all objects alive forever") \
+    v(bool, sweepSynchronously, false, Normal, "debugging option to sweep all dead objects synchronously at GC end before resuming mutator") \
     v(bool, dumpObjectStatistics, false, Normal, nullptr) \
     v(unsigned, maxSingleAllocationSize, 0, Configurable, "debugging option to limit individual allocations to a max size (0 = limit not set, N = limit size in bytes)") \