Changeset 279861 in webkit


Ignore:
Timestamp:
Jul 12, 2021 6:47:47 PM (3 years ago)
Author:
mark.lam@apple.com
Message:

Revert r277027: breaks GC.
https://bugs.webkit.org/show_bug.cgi?id=227888

Reviewed by Saam Barati.

The patch in r277027 to make deletion of GCAwareJITStubRoutines incremental has a
bug: the routine may not be deleted yet by the incremental sweeper before the next
GC cycle, and the GC will not be happy visiting dead cell pointers in that routine.
There is also another bug with the triggering of sweeping.

For now, we're reverting the patch, and will revisit this at a later time.

  • CMakeLists.txt:
  • heap/Heap.cpp:

(JSC::Heap::deleteUnmarkedCompiledCode):
(JSC::Heap::sweepSynchronously):

  • heap/Heap.h:
  • heap/HeapInlines.h:

(JSC::Heap::mayHaveJITStubRoutinesToDelete): Deleted.
(JSC::Heap::deleteDeadJITStubRoutines): Deleted.

  • heap/IncrementalSweeper.cpp:

(JSC::IncrementalSweeper::doSweep):

  • heap/JITStubRoutineSet.cpp:

(JSC::JITStubRoutineSet::deleteUnmarkedJettisonedStubRoutines):

  • heap/JITStubRoutineSet.h:

(JSC::JITStubRoutineSet::deleteUnmarkedJettisonedStubRoutines):
(JSC::JITStubRoutineSet::traceMarkedStubRoutines):
(JSC::JITStubRoutineSet::mayHaveRoutinesToDelete): Deleted.
(JSC::JITStubRoutineSet::notifyHaveRoutinesToDelete): Deleted.

  • jit/GCAwareJITStubRoutine.cpp:

(JSC::GCAwareJITStubRoutine::observeZeroRefCount):

  • jit/JITStubRoutine.h:

(JSC::JITStubRoutine::createSelfManagedRoutine):

Location:
trunk/Source/JavaScriptCore
Files:
10 edited

Legend:

Unmodified
Added
Removed

  • trunk/Source/JavaScriptCore/CMakeLists.txt

    r279630 r279861  
    671671    heap/IsoSubspaceInlines.h
    672672    heap/IsoSubspacePerVM.h
    673     heap/JITStubRoutineSet.h
    674673    heap/LocalAllocator.h
    675674    heap/LocalAllocatorInlines.h

  • trunk/Source/JavaScriptCore/ChangeLog

    r279850 r279861  
     12021-07-12  Mark Lam  <mark.lam@apple.com>
     2
     3        Revert r277027: breaks GC.
     4        https://bugs.webkit.org/show_bug.cgi?id=227888
     5
     6        Reviewed by Saam Barati.
     7
     8        The patch in r277027 to make deletion of GCAwareJITStubRoutines incremental has a
     9        bug: the routine may not be deleted yet by the incremental sweeper before the next
     10        GC cycle, and the GC will not be happy visiting dead cell pointers in that routine.
     11        There is also another bug with the triggering of sweeping.
     12
     13        For now, we're reverting the patch, and will revisit this at a later time.
     14
     15        * CMakeLists.txt:
     16        * heap/Heap.cpp:
     17        (JSC::Heap::deleteUnmarkedCompiledCode):
     18        (JSC::Heap::sweepSynchronously):
     19        * heap/Heap.h:
     20        * heap/HeapInlines.h:
     21        (JSC::Heap::mayHaveJITStubRoutinesToDelete): Deleted.
     22        (JSC::Heap::deleteDeadJITStubRoutines): Deleted.
     23        * heap/IncrementalSweeper.cpp:
     24        (JSC::IncrementalSweeper::doSweep):
     25        * heap/JITStubRoutineSet.cpp:
     26        (JSC::JITStubRoutineSet::deleteUnmarkedJettisonedStubRoutines):
     27        * heap/JITStubRoutineSet.h:
     28        (JSC::JITStubRoutineSet::deleteUnmarkedJettisonedStubRoutines):
     29        (JSC::JITStubRoutineSet::traceMarkedStubRoutines):
     30        (JSC::JITStubRoutineSet::mayHaveRoutinesToDelete): Deleted.
     31        (JSC::JITStubRoutineSet::notifyHaveRoutinesToDelete): Deleted.
     32        * jit/GCAwareJITStubRoutine.cpp:
     33        (JSC::GCAwareJITStubRoutine::observeZeroRefCount):
     34        * jit/JITStubRoutine.h:
     35        (JSC::JITStubRoutine::createSelfManagedRoutine):
     36
    1372021-07-12  Yijia Huang  <yijia_huang@apple.com>
    238

  • trunk/Source/JavaScriptCore/heap/Heap.cpp

    r279689 r279861  
    975975    // And CodeBlock destructor is assuming that CodeBlock gets destroyed before UnlinkedCodeBlock gets destroyed.
    976976    vm().forEachCodeBlockSpace([] (auto& space) { space.space.sweep(); });
    977     if (mayHaveJITStubRoutinesToDelete())
    978         deleteDeadJITStubRoutines(5_ms);
     977    m_jitStubRoutines->deleteUnmarkedJettisonedStubRoutines();
    979978}
    980979
     
    10431042    m_objectSpace.sweepBlocks();
    10441043    m_objectSpace.shrink();
    1045 
    1046     unsigned passes = 0;
    1047     while (mayHaveJITStubRoutinesToDelete()) {
    1048         constexpr Seconds unlimitedTime = 600_s;
    1049         deleteDeadJITStubRoutines(unlimitedTime);
    1050         RELEASE_ASSERT(passes++ < 100);
    1051     }
    1052 
    10531044    if (UNLIKELY(Options::logGC())) {
    10541045        MonotonicTime after = MonotonicTime::now();

  • trunk/Source/JavaScriptCore/heap/Heap.h

    r278253 r279861  
    407407    bool isMarkingForGCVerifier() const { return m_isMarkingForGCVerifier; }
    408408
    409     static bool mayHaveJITStubRoutinesToDelete();
    410     void deleteDeadJITStubRoutines(Seconds timeSlice);
    411 
    412409private:
    413410    friend class AllocatingScope;

  • trunk/Source/JavaScriptCore/heap/HeapInlines.h

    r277027 r279861  
    3030#include "HeapCellInlines.h"
    3131#include "IndexingHeader.h"
    32 #include "JITStubRoutineSet.h"
    3332#include "JSCast.h"
    3433#include "Structure.h"
     
    281280}
    282281
    283 inline bool Heap::mayHaveJITStubRoutinesToDelete()
    284 {
    285     return JITStubRoutineSet::mayHaveRoutinesToDelete();
    286 }
    287 
    288 inline void Heap::deleteDeadJITStubRoutines(Seconds timeSlice)
    289 {
    290     m_jitStubRoutines->deleteUnmarkedJettisonedStubRoutines(timeSlice);
    291 }
    292 
    293282} // namespace JSC

  • trunk/Source/JavaScriptCore/heap/IncrementalSweeper.cpp

    r277027 r279861  
    3737static constexpr double sweepTimeTotal = .10;
    3838static constexpr double sweepTimeMultiplier = 1.0 / sweepTimeTotal;
    39 static constexpr Seconds deleteJITStubRoutinesTimeSlice = std::min(sweepTimeSlice / 10, 1_ms);
    4039
    4140void IncrementalSweeper::scheduleTimer()
     
    5756void IncrementalSweeper::doSweep(VM& vm, MonotonicTime sweepBeginTime)
    5857{
    59     bool hasMoreBlocksToSweep = true;
    60     bool hasMoreWork = true;
    61     while (hasMoreWork) {
    62         if (hasMoreBlocksToSweep)
    63             hasMoreBlocksToSweep = sweepNextBlock(vm);
    64 
    65         if (Heap::mayHaveJITStubRoutinesToDelete())
    66             vm.heap.deleteDeadJITStubRoutines(deleteJITStubRoutinesTimeSlice);
    67 
    68         hasMoreWork = hasMoreBlocksToSweep || Heap::mayHaveJITStubRoutinesToDelete();
    69 
     58    while (sweepNextBlock(vm)) {
    7059        Seconds elapsedTime = MonotonicTime::now() - sweepBeginTime;
    7160        if (elapsedTime < sweepTimeSlice)

  • trunk/Source/JavaScriptCore/heap/JITStubRoutineSet.cpp

    r277850 r279861  
    3030
    3131#include "GCAwareJITStubRoutine.h"
    32 #include <algorithm>
    3332
    3433namespace JSC {
    35 
    36 using WTF::Range;
    37 
    38 bool JITStubRoutineSet::s_mayHaveRoutinesToDelete = false;
    3934
    4035JITStubRoutineSet::JITStubRoutineSet() { }
     
    120115}
    121116
    122 void JITStubRoutineSet::deleteUnmarkedJettisonedStubRoutines(Seconds timeSlice)
     117void JITStubRoutineSet::deleteUnmarkedJettisonedStubRoutines()
    123118{
    124     ASSERT(s_mayHaveRoutinesToDelete);
    125 
    126     MonotonicTime startTime = MonotonicTime::now();
    127     Seconds elapsedTime;
    128     constexpr unsigned maxBatchSize = 100;
    129 
    130     unsigned endIndex = m_routines.size();
    131 
    132     // Clear the s_mayHaveRoutinesToDelete flag before we start.
    133     // Destruction of a MarkingGCAwareJITStubRoutine can trigger more routines
    134     // to be deleted, and some of those may be the ones we have already iterated
    135     // pass.
    136     s_mayHaveRoutinesToDelete = false;
    137 
    138119    unsigned srcIndex = 0;
    139     while (srcIndex < endIndex) {
    140         unsigned batchSize = std::min<unsigned>(maxBatchSize, endIndex - srcIndex);
    141         while (batchSize--) {
    142             Routine routine = m_routines[srcIndex];
    143             if (!routine.routine->m_isJettisoned || routine.routine->m_mayBeExecuting) {
    144                 srcIndex++;
    145                 continue;
    146             }
    147             m_routines[srcIndex] = m_routines[--endIndex];
    148 
    149             routine.routine->deleteFromGC();
     120    unsigned dstIndex = srcIndex;
     121    while (srcIndex < m_routines.size()) {
     122        Routine routine = m_routines[srcIndex++];
     123        if (!routine.routine->m_isJettisoned || routine.routine->m_mayBeExecuting) {
     124            m_routines[dstIndex++] = routine;
     125            continue;
    150126        }
    151 
    152         elapsedTime = MonotonicTime::now() - startTime;
    153         if (elapsedTime > timeSlice) {
    154             // We timed out. Assume there's more to do, and that we should check
    155             // again next time slice.
    156             s_mayHaveRoutinesToDelete = true;
    157             break;
    158         }
     127        routine.routine->deleteFromGC();
    159128    }
    160 
    161     m_routines.shrinkCapacity(endIndex);
     129    m_routines.shrinkCapacity(dstIndex);
    162130}
    163131

  • trunk/Source/JavaScriptCore/heap/JITStubRoutineSet.h

    r277027 r279861  
    3232#include <wtf/Vector.h>
    3333
     34using WTF::Range;
     35
    3436namespace JSC {
    3537
     
    6062    void prepareForConservativeScan();
    6163   
    62     void deleteUnmarkedJettisonedStubRoutines(Seconds timeSlice);
     64    void deleteUnmarkedJettisonedStubRoutines();
    6365
    6466    template<typename Visitor> void traceMarkedStubRoutines(Visitor&);
    65 
    66     static bool mayHaveRoutinesToDelete() { return s_mayHaveRoutinesToDelete; }
    67     static void notifyHaveRoutinesToDelete() { s_mayHaveRoutinesToDelete = true; }
    68 
     67   
    6968private:
    7069    void markSlow(uintptr_t address);
     
    7574    };
    7675    Vector<Routine> m_routines;
    77     WTF::Range<uintptr_t> m_range { 0, 0 };
    78 
    79     static bool s_mayHaveRoutinesToDelete;
     76    Range<uintptr_t> m_range { 0, 0 };
    8077};
    8178
     
    9491    void mark(void*) { }
    9592    void prepareForConservativeScan() { }
    96     void deleteUnmarkedJettisonedStubRoutines(Seconds) { }
     93    void deleteUnmarkedJettisonedStubRoutines() { }
    9794    template<typename Visitor> void traceMarkedStubRoutines(Visitor&) { }
    98 
    99     static bool mayHaveRoutinesToDelete() { return false; }
    100     static void notifyHaveRoutinesToDelete() { }
    10195};
    10296

  • trunk/Source/JavaScriptCore/jit/GCAwareJITStubRoutine.cpp

    r278656 r279861  
    6868
    6969    m_isJettisoned = true;
    70     JITStubRoutineSet::notifyHaveRoutinesToDelete();
    7170}
    7271

  • trunk/Source/JavaScriptCore/jit/JITStubRoutine.h

    r278656 r279861  
    11/*
    2  * Copyright (C) 2012-2021 Apple Inc. All rights reserved.
     2 * Copyright (C) 2012-2018 Apple Inc. All rights reserved.
    33 *
    44 * Redistribution and use in source and binary forms, with or without
     
    6464    }
    6565   
     66    // Use this if you want to pass a CodePtr to someone who insists on taking
     67    // a RefPtr<JITStubRoutine>.
     68    static Ref<JITStubRoutine> createSelfManagedRoutine(
     69        MacroAssemblerCodePtr<JITStubRoutinePtrTag> rawCodePointer)
     70    {
     71        return adoptRef(*new JITStubRoutine(MacroAssemblerCodeRef<JITStubRoutinePtrTag>::createSelfManagedCodeRef(rawCodePointer)));
     72    }
     73   
    6674    virtual ~JITStubRoutine();
    6775    virtual void aboutToDie() { }
Note: See TracChangeset for help on using the changeset viewer.