Changeset 119844 in webkit

Timestamp:

Jun 8, 2012 11:17:16 AM (12 years ago)

Author:

ggaren@apple.com

Message:

Don't rely on weak pointers for eager CodeBlock finalization
​https://bugs.webkit.org/show_bug.cgi?id=88465

Reviewed by Gavin Barraclough.

This is incompatible with lazy weak pointer finalization.

I considered just making CodeBlock finalization lazy-friendly, but it
turns out that the heap is already way up in CodeBlock's business when
it comes to finalization, so I decided to finish the job and move full
responsibility for CodeBlock finalization into the heap.

• JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Maybe this

will build.

• debugger/Debugger.cpp: Updated for rename.

• heap/Heap.cpp:

(JSC::Heap::deleteAllCompiledCode): Renamed for consistency. Fixed a bug
where we would not delete code for a code block that had been previously
jettisoned. I don't know if this happens in practice -- I mostly did
this to improve consistency with deleteUnmarkedCompiledCode.

(JSC::Heap::deleteUnmarkedCompiledCode): New function, responsible for
eager finalization of unmarked code blocks.

(JSC::Heap::collect): Updated for rename. Updated to call
deleteUnmarkedCompiledCode(), which takes care of jettisoned DFG code
blocks too.

(JSC::Heap::addCompiledCode): Renamed, since this points to all code
now, not just functions.

• heap/Heap.h:

(Heap): Keep track of all user code, not just functions. This is a
negligible additional overhead, since most code is function code.

• runtime/Executable.cpp:

(JSC::*::finalize): Removed these functions, since we don't rely on
weak pointer finalization anymore.

(JSC::FunctionExecutable::FunctionExecutable): Moved linked-list stuff
into base class so all executables can be in the list.

(JSC::EvalExecutable::clearCode):
(JSC::ProgramExecutable::clearCode):
(JSC::FunctionExecutable::clearCode): All we need to do is delete our
CodeBlock -- that will delete all of its internal data structures.

(JSC::FunctionExecutable::clearCodeIfNotCompiling): Factored out a helper
function to improve clarity.

• runtime/Executable.h:

(JSC::ExecutableBase): Moved linked-list stuff
into base class so all executables can be in the list.

(JSC::NativeExecutable::create):
(NativeExecutable):
(ScriptExecutable):
(JSC::ScriptExecutable::finishCreation):
(JSC::EvalExecutable::create):
(EvalExecutable):
(JSC::ProgramExecutable::create):
(ProgramExecutable):
(FunctionExecutable):
(JSC::FunctionExecutable::create): Don't use a finalizer -- the heap
will call us back to destroy our code block.

(JSC::FunctionExecutable::discardCode): Renamed to clearCodeIfNotCompiling()
for clarity.

(JSC::FunctionExecutable::isCompiling): New helper function, for clarity.

(JSC::ScriptExecutable::clearCodeVirtual): New helper function, since
the heap needs to make polymorphic calls to clear code.

• runtime/JSGlobalData.cpp:

(JSC::StackPreservingRecompiler::operator()):

• runtime/JSGlobalObject.cpp:

(JSC::DynamicGlobalObjectScope::DynamicGlobalObjectScope): Updated for
renames.

Location:

trunk/Source/JavaScriptCore

Files:

• ChangeLog (modified) (1 diff)
• JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def (modified) (1 diff)
• debugger/Debugger.cpp (modified) (1 diff)
• heap/Heap.cpp (modified) (5 diffs)
• heap/Heap.h (modified) (5 diffs)
• runtime/Executable.cpp (modified) (7 diffs)
• runtime/Executable.h (modified) (22 diffs)
• runtime/JSGlobalData.cpp (modified) (1 diff)
• runtime/JSGlobalObject.cpp (modified) (1 diff)

trunk/Source/JavaScriptCore/ChangeLog

@@ +1 @@
+        Don't rely on weak pointers for eager CodeBlock finalization
+        https://bugs.webkit.org/show_bug.cgi?id=88465
+
+        Reviewed by Gavin Barraclough.
+
+        This is incompatible with lazy weak pointer finalization.
+
+        I considered just making CodeBlock finalization lazy-friendly, but it
+        turns out that the heap is already way up in CodeBlock's business when
+        it comes to finalization, so I decided to finish the job and move full
+        responsibility for CodeBlock finalization into the heap.
+
+        * JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def: Maybe this
+        will build.
+
+        * debugger/Debugger.cpp: Updated for rename.
+
+        * heap/Heap.cpp:
+        (JSC::Heap::deleteAllCompiledCode): Renamed for consistency. Fixed a bug
+        where we would not delete code for a code block that had been previously
+        jettisoned. I don't know if this happens in practice -- I mostly did
+        this to improve consistency with deleteUnmarkedCompiledCode.
+
+        (JSC::Heap::deleteUnmarkedCompiledCode): New function, responsible for
+        eager finalization of unmarked code blocks.
+
+        (JSC::Heap::collect): Updated for rename. Updated to call
+        deleteUnmarkedCompiledCode(), which takes care of jettisoned DFG code
+        blocks too.
+
+        (JSC::Heap::addCompiledCode): Renamed, since this points to all code
+        now, not just functions.
+
+        * heap/Heap.h:
+        (Heap): Keep track of all user code, not just functions. This is a
+        negligible additional overhead, since most code is function code.
+
+        * runtime/Executable.cpp:
+        (JSC::*::finalize): Removed these functions, since we don't rely on
+        weak pointer finalization anymore.
+
+        (JSC::FunctionExecutable::FunctionExecutable): Moved linked-list stuff
+        into base class so all executables can be in the list.
+
+        (JSC::EvalExecutable::clearCode):
+        (JSC::ProgramExecutable::clearCode):
+        (JSC::FunctionExecutable::clearCode): All we need to do is delete our
+        CodeBlock -- that will delete all of its internal data structures.
+
+        (JSC::FunctionExecutable::clearCodeIfNotCompiling): Factored out a helper
+        function to improve clarity.
+
+        * runtime/Executable.h:
+        (JSC::ExecutableBase): Moved linked-list stuff
+        into base class so all executables can be in the list.
+
+        (JSC::NativeExecutable::create):
+        (NativeExecutable):
+        (ScriptExecutable):
+        (JSC::ScriptExecutable::finishCreation):
+        (JSC::EvalExecutable::create):
+        (EvalExecutable):
+        (JSC::ProgramExecutable::create):
+        (ProgramExecutable):
+        (FunctionExecutable):
+        (JSC::FunctionExecutable::create): Don't use a finalizer -- the heap
+        will call us back to destroy our code block.
+
+        (JSC::FunctionExecutable::discardCode): Renamed to clearCodeIfNotCompiling()
+        for clarity.
+
+        (JSC::FunctionExecutable::isCompiling): New helper function, for clarity.
+
+        (JSC::ScriptExecutable::clearCodeVirtual): New helper function, since
+        the heap needs to make polymorphic calls to clear code.
+
+        * runtime/JSGlobalData.cpp:
+        (JSC::StackPreservingRecompiler::operator()):
+        * runtime/JSGlobalObject.cpp:
+        (JSC::DynamicGlobalObjectScope::DynamicGlobalObjectScope): Updated for
+        renames.
+
 2012-06-07  Filip Pizlo  <fpizlo@apple.com>
 

trunk/Source/JavaScriptCore/JavaScriptCore.vcproj/JavaScriptCore/JavaScriptCore.def

@@ -152 +152 @@
     ?detachThread@WTF@@YAXI@Z
     ?didTimeOut@TimeoutChecker@JSC@@QAE_NPAVExecState@2@@Z
-    ?discardAllCompiledCode@Heap@JSC@@QAEXXZ
+    ?deleteAllCompiledCode@Heap@JSC@@QAEXXZ
     ?displayName@JSFunction@JSC@@QAE?BVUString@2@PAVExecState@2@@Z
     ?dtoa@WTF@@YAXQADNAA_NAAHAAI@Z

trunk/Source/JavaScriptCore/debugger/Debugger.cpp

@@ -80 +80 @@
 
     ExecState* exec = function->scope()->globalObject->JSGlobalObject::globalExec();
-    executable->discardCode();
+    executable->clearCodeIfNotCompiling();
     if (m_debugger == function->scope()->globalObject->debugger())
         m_sourceProviders.add(executable->source().provider(), exec);

trunk/Source/JavaScriptCore/heap/Heap.cpp

@@ -644 +644 @@
 }
 
-void Heap::discardAllCompiledCode()
-{
-    // If JavaScript is running, it's not safe to recompile, since we'll end
-    // up throwing away code that is live on the stack.
+void Heap::deleteAllCompiledCode()
+{
+    // If JavaScript is running, it's not safe to delete code, since we'll end
+    // up deleting code that is live on the stack.
     if (m_globalData->dynamicGlobalObject)
         return;
 
-    for (FunctionExecutable* current = m_functions.head(); current; current = current->next())
-        current->discardCode();
+    for (ExecutableBase* current = m_compiledCode.head(); current; current = current->next()) {
+        if (!current->isFunctionExecutable())
+            continue;
+        static_cast<FunctionExecutable*>(current)->clearCodeIfNotCompiling();
+    }
+
+    m_dfgCodeBlocks.clearMarks();
+    m_dfgCodeBlocks.deleteUnmarkedJettisonedCodeBlocks();
+}
+
+void Heap::deleteUnmarkedCompiledCode()
+{
+    ExecutableBase* next;
+    for (ExecutableBase* current = m_compiledCode.head(); current; current = next) {
+        next = current->next();
+        if (isMarked(current))
+            continue;
+
+        // We do this because executable memory is limited on some platforms and because
+        // CodeBlock requires eager finalization.
+        ExecutableBase::clearCodeVirtual(current);
+        m_compiledCode.remove(current);
+    }
+
+    m_dfgCodeBlocks.deleteUnmarkedJettisonedCodeBlocks();
 }
 
@@ -681 +704 @@
     double lastGCStartTime = WTF::currentTime();
     if (lastGCStartTime - m_lastCodeDiscardTime > minute) {
-        discardAllCompiledCode();
+        deleteAllCompiledCode();
         m_lastCodeDiscardTime = WTF::currentTime();
     }
@@ -704 +727 @@
     }
 
+    JAVASCRIPTCORE_GC_MARKED();
+
     {
         GCPHASE(FinalizeUnconditionalFinalizers);
@@ -714 +739 @@
         m_globalData->smallStrings.finalizeSmallStrings();
     }
-    
-    JAVASCRIPTCORE_GC_MARKED();
 
     {
         GCPHASE(DeleteCodeBlocks);
-        m_dfgCodeBlocks.deleteUnmarkedJettisonedCodeBlocks();
+        deleteUnmarkedCompiledCode();
     }
 
@@ -809 +832 @@
 }
 
-void Heap::addFunctionExecutable(FunctionExecutable* executable)
-{
-    m_functions.append(executable);
-}
-
-void Heap::removeFunctionExecutable(FunctionExecutable* executable)
-{
-    m_functions.remove(executable);
+void Heap::addCompiledCode(ExecutableBase* executable)
+{
+    m_compiledCode.append(executable);
 }
 

trunk/Source/JavaScriptCore/heap/Heap.h

@@ -43 +43 @@
     class CopiedSpace;
     class CodeBlock;
-    class FunctionExecutable;
+    class ExecutableBase;
     class GCActivityCallback;
     class GlobalCodeBlock;
@@ -117 +117 @@
         typedef void (*Finalizer)(JSCell*);
         JS_EXPORT_PRIVATE void addFinalizer(JSCell*, Finalizer);
-        void addFunctionExecutable(FunctionExecutable*);
-        void removeFunctionExecutable(FunctionExecutable*);
+        void addCompiledCode(ExecutableBase*);
 
         void notifyIsSafeToCollect() { m_isSafeToCollect = true; }
@@ -160 +159 @@
         void increaseLastGCLength(double amount) { m_lastGCLength += amount; }
 
-        JS_EXPORT_PRIVATE void discardAllCompiledCode();
+        JS_EXPORT_PRIVATE void deleteAllCompiledCode();
 
         void didAllocate(size_t);
@@ -195 +194 @@
         void harvestWeakReferences();
         void finalizeUnconditionalFinalizers();
+        void deleteUnmarkedCompiledCode();
         
         RegisterFile& registerFile();
@@ -240 +240 @@
         double m_lastCodeDiscardTime;
 
-        DoublyLinkedList<FunctionExecutable> m_functions;
+        DoublyLinkedList<ExecutableBase> m_compiledCode;
     };
 

trunk/Source/JavaScriptCore/runtime/Executable.cpp

@@ -48 +48 @@
 #endif
 
-inline void ExecutableBase::clearCode()
+void ExecutableBase::clearCode()
 {
 #if ENABLE(JIT)
@@ -98 +98 @@
 }
 #endif
-
-void NativeExecutable::finalize(JSCell* cell)
-{
-    jsCast<NativeExecutable*>(cell)->clearCode();
-}
 
 const ClassInfo ScriptExecutable::s_info = { "ScriptExecutable", &ExecutableBase::s_info, 0, 0, CREATE_METHOD_TABLE(ScriptExecutable) };
@@ -147 +142 @@
     , m_inferredName(inferredName.isNull() ? globalData.propertyNames->emptyIdentifier : inferredName)
     , m_symbolTable(0)
-    , m_next(0)
-    , m_prev(0)
 {
 }
@@ -160 +153 @@
     , m_inferredName(inferredName.isNull() ? exec->globalData().propertyNames->emptyIdentifier : inferredName)
     , m_symbolTable(0)
-    , m_next(0)
-    , m_prev(0)
 {
 }
@@ -293 +284 @@
 }
 
-void EvalExecutable::finalize(JSCell* cell)
-{
-    jsCast<EvalExecutable*>(cell)->clearCode();
-}
-
-inline void EvalExecutable::clearCode()
-{
-    if (m_evalCodeBlock) {
-        m_evalCodeBlock->clearEvalCache();
-        m_evalCodeBlock.clear();
-    }
+void EvalExecutable::clearCode()
+{
+    m_evalCodeBlock.clear();
     Base::clearCode();
 }
@@ -425 +408 @@
 }
 
-void ProgramExecutable::finalize(JSCell* cell)
-{
-    jsCast<ProgramExecutable*>(cell)->clearCode();
-}
-
-inline void ProgramExecutable::clearCode()
-{
-    if (m_programCodeBlock) {
-        m_programCodeBlock->clearEvalCache();
-        m_programCodeBlock.clear();
-    }
+void ProgramExecutable::clearCode()
+{
+    m_programCodeBlock.clear();
     Base::clearCode();
 }
@@ -643 +618 @@
 }
 
-void FunctionExecutable::discardCode()
-{
-#if ENABLE(JIT)
-    // These first two checks are to handle the rare case where
-    // we are trying to evict code for a function during its
-    // codegen.
-    if (!m_jitCodeForCall && m_codeBlockForCall)
+void FunctionExecutable::clearCodeIfNotCompiling()
+{
+    if (isCompiling())
         return;
-    if (!m_jitCodeForConstruct && m_codeBlockForConstruct)
-        return;
-#endif
     clearCode();
 }
 
-void FunctionExecutable::finalize(JSCell* cell)
-{
-    FunctionExecutable* executable = jsCast<FunctionExecutable*>(cell);
-    Heap::heap(executable)->removeFunctionExecutable(executable);
-    executable->clearCode();
-}
-
-inline void FunctionExecutable::clearCode()
-{
-    if (m_codeBlockForCall) {
-        m_codeBlockForCall->clearEvalCache();
-        m_codeBlockForCall.clear();
-    }
-    if (m_codeBlockForConstruct) {
-        m_codeBlockForConstruct->clearEvalCache();
-        m_codeBlockForConstruct.clear();
-    }
+void FunctionExecutable::clearCode()
+{
+    m_codeBlockForCall.clear();
+    m_codeBlockForConstruct.clear();
     Base::clearCode();
 }

trunk/Source/JavaScriptCore/runtime/Executable.h

@@ -55 +55 @@
     }
 
-    class ExecutableBase : public JSCell {
+    class ExecutableBase : public JSCell, public DoublyLinkedListNode<ExecutableBase> {
+        friend class WTF::DoublyLinkedListNode<ExecutableBase>;
         friend class JIT;
 
@@ -81 +82 @@
 #endif
 
+        bool isFunctionExecutable()
+        {
+            return structure()->typeInfo().type() == FunctionExecutableType;
+        }
+
         bool isHostFunction() const
         {
@@ -89 +95 @@
         static Structure* createStructure(JSGlobalData& globalData, JSGlobalObject* globalObject, JSValue proto) { return Structure::create(globalData, globalObject, proto, TypeInfo(CompoundType, StructureFlags), &s_info); }
         
+        void clearCode();
+
         static JS_EXPORTDATA const ClassInfo s_info;
 
@@ -98 +106 @@
 #if ENABLE(JIT)
     public:
+        static void clearCodeVirtual(ExecutableBase*);
+
         JITCode& generatedJITCodeForCall()
         {
@@ -169 +179 @@
 
     protected:
+        ExecutableBase* m_prev;
+        ExecutableBase* m_next;
+
         JITCode m_jitCodeForCall;
         JITCode m_jitCodeForConstruct;
@@ -174 +187 @@
         MacroAssemblerCodePtr m_jitCodeForConstructWithArityCheck;
 #endif
-        void clearCode();
     };
 
@@ -195 +207 @@
                 executable->finishCreation(globalData, JITCode::HostFunction(callThunk), JITCode::HostFunction(constructThunk), intrinsic);
             }
-            globalData.heap.addFinalizer(executable, &finalize);
             return executable;
         }
@@ -206 +217 @@
             NativeExecutable* executable = new (NotNull, allocateCell<NativeExecutable>(globalData.heap)) NativeExecutable(globalData, function, constructor);
             executable->finishCreation(globalData);
-            globalData.heap.addFinalizer(executable, &finalize);
             return executable;
         }
@@ -247 +257 @@
 #endif
 
-        static void finalize(JSCell*);
- 
     private:
         NativeExecutable(JSGlobalData& globalData, NativeFunction function, NativeFunction constructor)
@@ -304 +312 @@
         {
             Base::finishCreation(globalData);
+            globalData.heap.addCompiledCode(this); // Balanced by Heap::deleteUnmarkedCompiledCode().
+
 #if ENABLE(CODEBLOCK_SAMPLING)
             if (SamplingTool* sampler = globalData.interpreter->sampler())
@@ -359 +369 @@
             EvalExecutable* executable = new (NotNull, allocateCell<EvalExecutable>(*exec->heap())) EvalExecutable(exec, source, isInStrictContext);
             executable->finishCreation(exec->globalData());
-            exec->globalData().heap.addFinalizer(executable, &finalize);
             return executable;
         }
@@ -378 +387 @@
         void unlinkCalls();
 
-    protected:
         void clearCode();
-        static void finalize(JSCell*);
 
     private:
@@ -401 +408 @@
             ProgramExecutable* executable = new (NotNull, allocateCell<ProgramExecutable>(*exec->heap())) ProgramExecutable(exec, source);
             executable->finishCreation(exec->globalData());
-            exec->globalData().heap.addFinalizer(executable, &finalize);
             return executable;
         }
@@ -448 +454 @@
         void unlinkCalls();
 
-    protected:
         void clearCode();
-        static void finalize(JSCell*);
 
     private:
@@ -462 +466 @@
     };
 
-    class FunctionExecutable : public ScriptExecutable, public DoublyLinkedListNode<FunctionExecutable> {
+    class FunctionExecutable : public ScriptExecutable {
         friend class JIT;
         friend class LLIntOffsetsExtractor;
-        friend class WTF::DoublyLinkedListNode<FunctionExecutable>;
     public:
         typedef ScriptExecutable Base;
@@ -473 +476 @@
             FunctionExecutable* executable = new (NotNull, allocateCell<FunctionExecutable>(*exec->heap())) FunctionExecutable(exec, name, inferredName, source, forceUsesArguments, parameters, isInStrictContext);
             executable->finishCreation(exec->globalData(), name, firstLine, lastLine);
-            exec->globalData().heap.addFunctionExecutable(executable);
-            exec->globalData().heap.addFinalizer(executable, &finalize);
             return executable;
         }
@@ -482 +483 @@
             FunctionExecutable* executable = new (NotNull, allocateCell<FunctionExecutable>(globalData.heap)) FunctionExecutable(globalData, name, inferredName, source, forceUsesArguments, parameters, isInStrictContext);
             executable->finishCreation(globalData, name, firstLine, lastLine);
-            globalData.heap.addFunctionExecutable(executable);
-            globalData.heap.addFinalizer(executable, &finalize);
             return executable;
         }
@@ -640 +639 @@
         SharedSymbolTable* symbolTable() const { return m_symbolTable; }
 
-        void discardCode();
+        void clearCodeIfNotCompiling();
         static void visitChildren(JSCell*, SlotVisitor&);
         static FunctionExecutable* fromGlobalCode(const Identifier&, ExecState*, Debugger*, const SourceCode&, JSObject** exception);
@@ -652 +651 @@
         void unlinkCalls();
 
+        void clearCode();
+
     protected:
-        void clearCode();
-        static void finalize(JSCell*);
-
         void finishCreation(JSGlobalData& globalData, const Identifier& name, int firstLine, int lastLine)
         {
@@ -678 +676 @@
             return m_codeBlockForConstruct;
         }
-        
+ 
+        bool isCompiling()
+        {
+#if ENABLE(JIT)
+            if (!m_jitCodeForCall && m_codeBlockForCall)
+                return true;
+            if (!m_jitCodeForConstruct && m_codeBlockForConstruct)
+                return true;
+#endif
+            return false;
+        }
+
         static const unsigned StructureFlags = OverridesVisitChildren | ScriptExecutable::StructureFlags;
         unsigned m_numCapturedVariables : 31;
@@ -690 +699 @@
         WriteBarrier<JSString> m_nameValue;
         SharedSymbolTable* m_symbolTable;
-        FunctionExecutable* m_next;
-        FunctionExecutable* m_prev;
     };
 
@@ -724 +731 @@
             return false;
         return function->nativeFunction() == nativeFunction;
+    }
+
+    inline void ExecutableBase::clearCodeVirtual(ExecutableBase* executable)
+    {
+        switch (executable->structure()->typeInfo().type()) {
+        case EvalExecutableType:
+            return jsCast<EvalExecutable*>(executable)->clearCode();
+        case ProgramExecutableType:
+            return jsCast<ProgramExecutable*>(executable)->clearCode();
+        case FunctionExecutableType:
+            return jsCast<FunctionExecutable*>(executable)->clearCode();
+        default:
+            return jsCast<NativeExecutable*>(executable)->clearCode();
+        }
     }
 

trunk/Source/JavaScriptCore/runtime/JSGlobalData.cpp

@@ -420 +420 @@
         if (currentlyExecutingFunctions.contains(executable))
             return;
-        executable->discardCode();
+        executable->clearCodeIfNotCompiling();
     }
 };

trunk/Source/JavaScriptCore/runtime/JSGlobalObject.cpp

@@ -444 +444 @@
 #if ENABLE(ASSEMBLER)
         if (ExecutableAllocator::underMemoryPressure())
-            globalData.heap.discardAllCompiledCode();
+            globalData.heap.deleteAllCompiledCode();
 #endif