Changeset 262570 in webkit

Timestamp:

Jun 4, 2020, 2:07:42 PM (5 years ago)

Author:

mark.lam@apple.com

Message:

Add Options::validateDoesGC() for turning DoesGC validation on/off.
​https://bugs.webkit.org/show_bug.cgi?id=212773

Reviewed by Saam Barati.

It will default to on if ASSERT_ENABLED because we want testing to be done with
the validation on. When needed, we can turn it off if we need to e.g. to
de-clutter disassembly dumps while debugging.

If Options::validateDoesGC() is false, we turn off JIT code emission for this
check, as well as skip the validation checks. There are still places in C++
code that store to DoesGC::m_value without checking Options::validateDoesGC().
It doesn't hurt to just let these stores proceed, and performance-wise, it's
probably cheaper to just do the store unconditionally than to gate it on a load of
Options::validateDoesGC() first.

Also made it explicit that the check on validateDFGDoesGC is a constexpr check.

• dfg/DFGDoesGCCheck.cpp:

(JSC::DFG::DoesGCCheck::verifyCanGC):

• dfg/DFGOSRExit.cpp:

(JSC::DFG::OSRExit::compileExit):

• dfg/DFGSpeculativeJIT32_64.cpp:

(JSC::DFG::SpeculativeJIT::compile):

• dfg/DFGSpeculativeJIT64.cpp:

(JSC::DFG::SpeculativeJIT::compile):

• ftl/FTLLowerDFGToB3.cpp:

(JSC::FTL::DFG::LowerDFGToB3::compileNode):

• ftl/FTLOSRExitCompiler.cpp:

(JSC::FTL::compileStub):

• runtime/OptionsList.h:

Location:

trunk/Source/JavaScriptCore

Files:

• ChangeLog (modified) (1 diff)
• dfg/DFGDoesGCCheck.cpp (modified) (2 diffs)
• dfg/DFGOSRExit.cpp (modified) (2 diffs)
• dfg/DFGSpeculativeJIT32_64.cpp (modified) (1 diff)
• dfg/DFGSpeculativeJIT64.cpp (modified) (1 diff)
• ftl/FTLLowerDFGToB3.cpp (modified) (1 diff)
• ftl/FTLOSRExitCompiler.cpp (modified) (2 diffs)
• heap/CompleteSubspace.cpp (modified) (2 diffs)
• heap/CompleteSubspaceInlines.h (modified) (1 diff)
• heap/DeferGC.h (modified) (1 diff)
• heap/GCDeferralContextInlines.h (modified) (1 diff)
• heap/Heap.cpp (modified) (6 diffs)
• heap/HeapInlines.h (modified) (3 diffs)
• heap/LocalAllocatorInlines.h (modified) (2 diffs)
• heap/PreciseAllocation.cpp (modified) (3 diffs)
• runtime/JSString.h (modified) (8 diffs)
• runtime/OptionsList.h (modified) (1 diff)
• runtime/RegExpMatchesArray.h (modified) (2 diffs)

trunk/Source/JavaScriptCore/ChangeLog

@@ +1 @@
+2020-06-04  Mark Lam  <mark.lam@apple.com>
+
+        Add Options::validateDoesGC() for turning DoesGC validation on/off.
+        https://bugs.webkit.org/show_bug.cgi?id=212773
+
+        Reviewed by Saam Barati.
+
+        It will default to on if ASSERT_ENABLED because we want testing to be done with
+        the validation on.  When needed, we can turn it off if we need to e.g. to
+        de-clutter disassembly dumps while debugging.
+
+        If Options::validateDoesGC() is false, we turn off JIT code emission for this
+        check, as well as skip the validation checks.  There are still places in C++
+        code that store to DoesGC::m_value without checking Options::validateDoesGC().
+        It doesn't hurt to just let these stores proceed, and performance-wise, it's
+        probably cheaper to just do the store unconditionally than to gate it on a load of
+        Options::validateDoesGC() first.
+
+        Also made it explicit that the check on validateDFGDoesGC is a constexpr check.
+
+        * dfg/DFGDoesGCCheck.cpp:
+        (JSC::DFG::DoesGCCheck::verifyCanGC):
+        * dfg/DFGOSRExit.cpp:
+        (JSC::DFG::OSRExit::compileExit):
+        * dfg/DFGSpeculativeJIT32_64.cpp:
+        (JSC::DFG::SpeculativeJIT::compile):
+        * dfg/DFGSpeculativeJIT64.cpp:
+        (JSC::DFG::SpeculativeJIT::compile):
+        * ftl/FTLLowerDFGToB3.cpp:
+        (JSC::FTL::DFG::LowerDFGToB3::compileNode):
+        * ftl/FTLOSRExitCompiler.cpp:
+        (JSC::FTL::compileStub):
+        * runtime/OptionsList.h:
+
 2020-06-04  Ross Kirsling  <ross.kirsling@sony.com>
 

trunk/Source/JavaScriptCore/dfg/DFGDoesGCCheck.cpp

@@ -31 +31 @@
 #include "DFGNodeType.h"
 #include "Heap.h"
+#include "Options.h"
 #include "VMInspector.h"
 #include <wtf/DataLog.h>
@@ -46 +47 @@
     // in the header file.
     static_assert(numberOfNodeTypes <= (1 << nodeOpBits));
+
+    if (!Options::validateDoesGC())
+        return;
 
     if (!expectDoesGC()) {

trunk/Source/JavaScriptCore/dfg/DFGOSRExit.cpp

@@ -144 +144 @@
     auto scope = DECLARE_THROW_SCOPE(vm);
 
-    if (validateDFGDoesGC) {
+    if constexpr (validateDFGDoesGC) {
         // We're about to exit optimized code. So, there's no longer any optimized
         // code running that expects no GC.
@@ -552 +552 @@
 
 #if USE(JSVALUE64)
-    if (validateDFGDoesGC) {
-        // We're about to exit optimized code. So, there's no longer any optimized
-        // code running that expects no GC. We need to set this before arguments
-        // materialization below (see emitRestoreArguments()).
-
-        // Even though we set Heap::m_doesGC in compileOSRExit(), we also need
-        // to set it here because compileOSRExit() is only called on the first time
-        // we exit from this site, but all subsequent exits will take this compiled
-        // ramp without calling compileOSRExit() first.
-        jit.store32(CCallHelpers::TrustedImm32(DoesGCCheck::encode(true, DoesGCCheck::Special::DFGOSRExit)), vm.heap.addressOfDoesGC());
+    if constexpr (validateDFGDoesGC) {
+        if (Options::validateDoesGC()) {
+            // We're about to exit optimized code. So, there's no longer any optimized
+            // code running that expects no GC. We need to set this before arguments
+            // materialization below (see emitRestoreArguments()).
+
+            // Even though we set Heap::m_doesGC in compileOSRExit(), we also need
+            // to set it here because compileOSRExit() is only called on the first time
+            // we exit from this site, but all subsequent exits will take this compiled
+            // ramp without calling compileOSRExit() first.
+            jit.store32(CCallHelpers::TrustedImm32(DoesGCCheck::encode(true, DoesGCCheck::Special::DFGOSRExit)), vm.heap.addressOfDoesGC());
+        }
     }
 #endif

trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp

@@ -1808 +1808 @@
     NodeType op = node->op();
 
-    if (validateDFGDoesGC) {
-        bool expectDoesGC = doesGC(m_jit.graph(), node);
-        m_jit.store32(TrustedImm32(DoesGCCheck::encode(expectDoesGC, node->index(), node->op())), vm().heap.addressOfDoesGC());
+    if constexpr (validateDFGDoesGC) {
+        if (Options::validateDoesGC()) {
+            bool expectDoesGC = doesGC(m_jit.graph(), node);
+            m_jit.store32(TrustedImm32(DoesGCCheck::encode(expectDoesGC, node->index(), node->op())), vm().heap.addressOfDoesGC());
+        }
     }
 

trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp

@@ -2137 +2137 @@
     NodeType op = node->op();
 
-    if (validateDFGDoesGC) {
-        bool expectDoesGC = doesGC(m_jit.graph(), node);
-        m_jit.store32(TrustedImm32(DoesGCCheck::encode(expectDoesGC, node->index(), node->op())), vm().heap.addressOfDoesGC());
+    if constexpr (validateDFGDoesGC) {
+        if (Options::validateDoesGC()) {
+            bool expectDoesGC = doesGC(m_jit.graph(), node);
+            m_jit.store32(TrustedImm32(DoesGCCheck::encode(expectDoesGC, node->index(), node->op())), vm().heap.addressOfDoesGC());
+        }
     }
 

trunk/Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp

@@ -703 +703 @@
             validateAIState(m_node);
 
-        if (validateDFGDoesGC) {
-            bool expectDoesGC = doesGC(m_graph, m_node);
-            m_out.store(m_out.constInt32(DoesGCCheck::encode(expectDoesGC, m_node->index(), m_node->op())), m_out.absolute(vm().heap.addressOfDoesGC()));
+        if constexpr (validateDFGDoesGC) {
+            if (Options::validateDoesGC()) {
+                bool expectDoesGC = doesGC(m_graph, m_node);
+                m_out.store(m_out.constInt32(DoesGCCheck::encode(expectDoesGC, m_node->index(), m_node->op())), m_out.absolute(vm().heap.addressOfDoesGC()));
+            }
         }
 

trunk/Source/JavaScriptCore/ftl/FTLOSRExitCompiler.cpp

@@ -207 +207 @@
     saveAllRegisters(jit, registerScratch);
     
-    if (validateDFGDoesGC) {
-        // We're about to exit optimized code. So, there's no longer any optimized
-        // code running that expects no GC. We need to set this before object
-        // materialization below.
-
-        // Even though we set Heap::m_doesGC in compileFTLOSRExit(), we also need
-        // to set it here because compileFTLOSRExit() is only called on the first time
-        // we exit from this site, but all subsequent exits will take this compiled
-        // ramp without calling compileFTLOSRExit() first.
-        jit.store32(CCallHelpers::TrustedImm32(DoesGCCheck::encode(true, DoesGCCheck::Special::FTLOSRExit)), vm.heap.addressOfDoesGC());
+    if constexpr (validateDFGDoesGC) {
+        if (Options::validateDoesGC()) {
+            // We're about to exit optimized code. So, there's no longer any optimized
+            // code running that expects no GC. We need to set this before object
+            // materialization below.
+
+            // Even though we set Heap::m_doesGC in compileFTLOSRExit(), we also need
+            // to set it here because compileFTLOSRExit() is only called on the first time
+            // we exit from this site, but all subsequent exits will take this compiled
+            // ramp without calling compileFTLOSRExit() first.
+            jit.store32(CCallHelpers::TrustedImm32(DoesGCCheck::encode(true, DoesGCCheck::Special::FTLOSRExit)), vm.heap.addressOfDoesGC());
+        }
     }
 
@@ -546 +548 @@
     VM& vm = callFrame->deprecatedVM();
 
-    if (validateDFGDoesGC) {
+    if constexpr (validateDFGDoesGC) {
         // We're about to exit optimized code. So, there's no longer any optimized
         // code running that expects no GC.

trunk/Source/JavaScriptCore/heap/CompleteSubspace.cpp

@@ -120 +120 @@
 void* CompleteSubspace::tryAllocateSlow(VM& vm, size_t size, GCDeferralContext* deferralContext)
 {
-    if (validateDFGDoesGC)
+    if constexpr (validateDFGDoesGC)
         vm.heap.verifyCanGC();
 
@@ -156 +156 @@
 void* CompleteSubspace::reallocatePreciseAllocationNonVirtual(VM& vm, HeapCell* oldCell, size_t size, GCDeferralContext* deferralContext, AllocationFailureMode failureMode)
 {
-    if (validateDFGDoesGC)
+    if constexpr (validateDFGDoesGC)
         vm.heap.verifyCanGC();
 

trunk/Source/JavaScriptCore/heap/CompleteSubspaceInlines.h

@@ -33 +33 @@
 ALWAYS_INLINE void* CompleteSubspace::allocateNonVirtual(VM& vm, size_t size, GCDeferralContext* deferralContext, AllocationFailureMode failureMode)
 {
-    if (validateDFGDoesGC)
+    if constexpr (validateDFGDoesGC)
         vm.heap.verifyCanGC();
 

trunk/Source/JavaScriptCore/heap/DeferGC.h

@@ -45 +45 @@
     ~DeferGC()
     {
-        if (validateDFGDoesGC)
+        if constexpr (validateDFGDoesGC)
             m_heap.verifyCanGC();
         m_heap.decrementDeferralDepthAndGCIfNeeded();

trunk/Source/JavaScriptCore/heap/GCDeferralContextInlines.h

@@ -38 +38 @@
 ALWAYS_INLINE GCDeferralContext::~GCDeferralContext()
 {
-    if (validateDFGDoesGC)
+    if constexpr (validateDFGDoesGC)
         m_heap.verifyCanGC();
 

trunk/Source/JavaScriptCore/heap/Heap.cpp

@@ -1064 +1064 @@
 void Heap::collectNow(Synchronousness synchronousness, GCRequest request)
 {
-    if (validateDFGDoesGC)
+    if constexpr (validateDFGDoesGC)
         verifyCanGC();
 
@@ -1097 +1097 @@
 void Heap::collectAsync(GCRequest request)
 {
-    if (validateDFGDoesGC)
+    if constexpr (validateDFGDoesGC)
         verifyCanGC();
 
@@ -1121 +1121 @@
 void Heap::collectSync(GCRequest request)
 {
-    if (validateDFGDoesGC)
+    if constexpr (validateDFGDoesGC)
         verifyCanGC();
 
@@ -1784 +1784 @@
 void Heap::stopIfNecessarySlow()
 {
-    if (validateDFGDoesGC)
+    if constexpr (validateDFGDoesGC)
         verifyCanGC();
 
@@ -1799 +1799 @@
 bool Heap::stopIfNecessarySlow(unsigned oldState)
 {
-    if (validateDFGDoesGC)
+    if constexpr (validateDFGDoesGC)
         verifyCanGC();
 
@@ -2601 +2601 @@
 {
     ASSERT(deferralContext || isDeferred() || !DisallowGC::isInEffectOnCurrentThread());
-    if (validateDFGDoesGC)
+    if constexpr (validateDFGDoesGC)
         verifyCanGC();
 

trunk/Source/JavaScriptCore/heap/HeapInlines.h

@@ -1 +1 @@
 /*
- * Copyright (C) 2014-2019 Apple Inc. All rights reserved.
+ * Copyright (C) 2014-2020 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -236 +236 @@
 inline void Heap::acquireAccess()
 {
-    if (validateDFGDoesGC)
+    if constexpr (validateDFGDoesGC)
         verifyCanGC();
 
@@ -263 +263 @@
 inline void Heap::stopIfNecessary()
 {
-    if (validateDFGDoesGC)
+    if constexpr (validateDFGDoesGC)
         verifyCanGC();
 

trunk/Source/JavaScriptCore/heap/LocalAllocatorInlines.h

@@ -1 +1 @@
 /*
- * Copyright (C) 2018-2019 Apple Inc. All rights reserved.
+ * Copyright (C) 2018-2020 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -33 +33 @@
 ALWAYS_INLINE void* LocalAllocator::allocate(Heap& heap, GCDeferralContext* deferralContext, AllocationFailureMode failureMode)
 {
-    if (validateDFGDoesGC)
+    if constexpr (validateDFGDoesGC)
         heap.verifyCanGC();
     return m_freeList.allocate(

trunk/Source/JavaScriptCore/heap/PreciseAllocation.cpp

@@ -1 +1 @@
 /*
- * Copyright (C) 2016-2019 Apple Inc. All rights reserved.
+ * Copyright (C) 2016-2020 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -43 +43 @@
 PreciseAllocation* PreciseAllocation::tryCreate(Heap& heap, size_t size, Subspace* subspace, unsigned indexInSpace)
 {
-    if (validateDFGDoesGC)
+    if constexpr (validateDFGDoesGC)
         heap.verifyCanGC();
 
@@ -123 +123 @@
 PreciseAllocation* PreciseAllocation::createForLowerTier(Heap& heap, size_t size, Subspace* subspace, uint8_t lowerTierIndex)
 {
-    if (validateDFGDoesGC)
+    if constexpr (validateDFGDoesGC)
         heap.verifyCanGC();
 

trunk/Source/JavaScriptCore/runtime/JSString.h

@@ -733 +733 @@
 ALWAYS_INLINE JSString* jsSingleCharacterString(VM& vm, UChar c)
 {
-    if (validateDFGDoesGC)
+    if constexpr (validateDFGDoesGC)
         vm.heap.verifyCanGC();
     if (c <= maxSingleCharacterString)
@@ -763 +763 @@
 ALWAYS_INLINE AtomString JSString::toAtomString(JSGlobalObject* globalObject) const
 {
-    if (validateDFGDoesGC)
+    if constexpr (validateDFGDoesGC)
         vm().heap.verifyCanGC();
     if (isRope())
@@ -772 +772 @@
 ALWAYS_INLINE RefPtr<AtomStringImpl> JSString::toExistingAtomString(JSGlobalObject* globalObject) const
 {
-    if (validateDFGDoesGC)
+    if constexpr (validateDFGDoesGC)
         vm().heap.verifyCanGC();
     if (isRope())
@@ -783 +783 @@
 inline const String& JSString::value(JSGlobalObject* globalObject) const
 {
-    if (validateDFGDoesGC)
+    if constexpr (validateDFGDoesGC)
         vm().heap.verifyCanGC();
     if (isRope())
@@ -793 +793 @@
 {
     if (allocationAllowed) {
-        if (validateDFGDoesGC)
+        if constexpr (validateDFGDoesGC)
             vm().heap.verifyCanGC();
         if (isRope()) {
@@ -983 +983 @@
 ALWAYS_INLINE StringView JSRopeString::unsafeView(JSGlobalObject* globalObject) const
 {
-    if (validateDFGDoesGC)
+    if constexpr (validateDFGDoesGC)
         vm().heap.verifyCanGC();
     if (isSubstring()) {
@@ -996 +996 @@
 ALWAYS_INLINE StringViewWithUnderlyingString JSRopeString::viewWithUnderlyingString(JSGlobalObject* globalObject) const
 {
-    if (validateDFGDoesGC)
+    if constexpr (validateDFGDoesGC)
         vm().heap.verifyCanGC();
     if (isSubstring()) {
@@ -1010 +1010 @@
 ALWAYS_INLINE StringView JSString::unsafeView(JSGlobalObject* globalObject) const
 {
-    if (validateDFGDoesGC)
+    if constexpr (validateDFGDoesGC)
         vm().heap.verifyCanGC();
     if (isRope())

trunk/Source/JavaScriptCore/runtime/OptionsList.h

@@ -154 +154 @@
     v(Bool, useProbeOSRExit, false, Normal, nullptr) \
     v(Bool, printEachOSRExit, false, Normal, nullptr) \
+    v(Bool, validateDoesGC, ASSERT_ENABLED, Normal, nullptr) \
     v(Bool, validateGraph, false, Normal, nullptr) \
     v(Bool, validateGraphAtEachPhase, false, Normal, nullptr) \

trunk/Source/JavaScriptCore/runtime/RegExpMatchesArray.h

@@ -1 +1 @@
 /*
- *  Copyright (C) 2008-2019 Apple Inc. All Rights Reserved.
+ *  Copyright (C) 2008-2020 Apple Inc. All Rights Reserved.
  *
  *  This library is free software; you can redistribute it and/or
@@ -64 +64 @@
     RegExp* regExp, unsigned startOffset, MatchResult& result)
 {
-    if (validateDFGDoesGC)
+    if constexpr (validateDFGDoesGC)
         vm.heap.verifyCanGC();