Changeset 154351 in webkit


Ignore:
Timestamp:
Aug 20, 2013 12:39:54 PM (11 years ago)
Author:
mhahnenberg@apple.com
Message:

<https://webkit.org/b/119919> Concurrent JIT crashes in various fast/js/dfg-* tests while the main thread is setting innerHTML

Reviewed by Geoffrey Garen.

More fixes for WriteBarrier deferral during concurrent JIT-ing. This patch makes the use of DesiredWriteBarriers class and the
initializeLazyWriteBarrierFor* wrapper functions more sane.

Refactored DesiredWriteBarrier to require an owner, a type, a CodeBlock, and an index. The type indicates how to use the CodeBlock
and index when triggering the WriteBarrier at the end of compilation.

The client code of initializeLazy* is now responsible for creating the WriteBarrier that will be initialized as well as passing
in the relevant index to be used at the end of compilation. Things were kind of muddled before in that one function did a
little extra work that really shouldn't have been its responsibility.

  • dfg/DFGByteCodeParser.cpp:

(JSC::DFG::ByteCodeParser::addConstant):
(JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):

  • dfg/DFGDesiredWriteBarriers.cpp:

(JSC::DFG::DesiredWriteBarrier::DesiredWriteBarrier):
(JSC::DFG::DesiredWriteBarrier::trigger):

  • dfg/DFGDesiredWriteBarriers.h:

(JSC::DFG::DesiredWriteBarriers::add):
(JSC::DFG::initializeLazyWriteBarrierForInlineCallFrameExecutable):
(JSC::DFG::initializeLazyWriteBarrierForInlineCallFrameCallee):
(JSC::DFG::initializeLazyWriteBarrierForConstant):

  • dfg/DFGFixupPhase.cpp:

(JSC::DFG::FixupPhase::truncateConstantToInt32):

  • dfg/DFGGraph.h:

(JSC::DFG::Graph::constantRegisterForConstant):

Location:
trunk/Source/JavaScriptCore
Files:
6 edited

Legend:

Unmodified
Added
Removed
  • trunk/Source/JavaScriptCore/ChangeLog

    r154346 r154351  
     12013-08-20  Mark Hahnenberg  <mhahnenberg@apple.com>
     2
     3        <https://webkit.org/b/119919> Concurrent JIT crashes in various fast/js/dfg-* tests while the main thread is setting innerHTML
     4
     5        Reviewed by Geoffrey Garen.
     6
     7        More fixes for WriteBarrier deferral during concurrent JIT-ing. This patch makes the use of DesiredWriteBarriers class and the
     8        initializeLazyWriteBarrierFor* wrapper functions more sane.
     9
     10        Refactored DesiredWriteBarrier to require an owner, a type, a CodeBlock, and an index. The type indicates how to use the CodeBlock
     11        and index when triggering the WriteBarrier at the end of compilation.
     12
     13        The client code of initializeLazy* is now responsible for creating the WriteBarrier that will be initialized as well as passing
     14        in the relevant index to be used at the end of compilation. Things were kind of muddled before in that one function did a
     15        little extra work that really shouldn't have been its responsibility.
     16
     17        * dfg/DFGByteCodeParser.cpp:
     18        (JSC::DFG::ByteCodeParser::addConstant):
     19        (JSC::DFG::ByteCodeParser::InlineStackEntry::InlineStackEntry):
     20        * dfg/DFGDesiredWriteBarriers.cpp:
     21        (JSC::DFG::DesiredWriteBarrier::DesiredWriteBarrier):
     22        (JSC::DFG::DesiredWriteBarrier::trigger):
     23        * dfg/DFGDesiredWriteBarriers.h:
     24        (JSC::DFG::DesiredWriteBarriers::add):
     25        (JSC::DFG::initializeLazyWriteBarrierForInlineCallFrameExecutable):
     26        (JSC::DFG::initializeLazyWriteBarrierForInlineCallFrameCallee):
     27        (JSC::DFG::initializeLazyWriteBarrierForConstant):
     28        * dfg/DFGFixupPhase.cpp:
     29        (JSC::DFG::FixupPhase::truncateConstantToInt32):
     30        * dfg/DFGGraph.h:
     31        (JSC::DFG::Graph::constantRegisterForConstant):
     32
    1332013-08-20  Michael Saboff  <msaboff@apple.com>
    234
  • trunk/Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp

    r154304 r154351  
    404404    void addConstant(JSValue value)
    405405    {
     406        unsigned constantIndex = m_codeBlock->addConstantLazily();
    406407        initializeLazyWriteBarrierForConstant(
     408            m_graph.m_plan.writeBarriers,
     409            m_codeBlock->constants()[constantIndex],
    407410            m_codeBlock,
    408             m_graph.m_plan.writeBarriers,
     411            constantIndex,
    409412            m_codeBlock->ownerExecutable(),
    410413            value);
     
    32913294       
    32923295        InlineCallFrame inlineCallFrame;
    3293         initializeLazyWriteBarrier(
     3296        initializeLazyWriteBarrierForInlineCallFrameExecutable(
     3297            byteCodeParser->m_graph.m_plan.writeBarriers,
    32943298            inlineCallFrame.executable,
    3295             byteCodeParser->m_graph.m_plan.writeBarriers,
     3299            byteCodeParser->m_codeBlock,
     3300            byteCodeParser->m_codeBlock->inlineCallFrames().size(),
    32963301            byteCodeParser->m_codeBlock->ownerExecutable(),
    32973302            codeBlock->ownerExecutable());
    32983303        inlineCallFrame.stackOffset = inlineCallFrameStart + JSStack::CallFrameHeaderSize;
    32993304        if (callee) {
    3300             initializeLazyWriteBarrier(
     3305            initializeLazyWriteBarrierForInlineCallFrameCallee(
     3306                byteCodeParser->m_graph.m_plan.writeBarriers,
    33013307                inlineCallFrame.callee,
    3302                 byteCodeParser->m_graph.m_plan.writeBarriers,
     3308                byteCodeParser->m_codeBlock,
     3309                byteCodeParser->m_codeBlock->inlineCallFrames().size(),
    33033310                byteCodeParser->m_codeBlock->ownerExecutable(),
    33043311                callee);
  • trunk/Source/JavaScriptCore/dfg/DFGDesiredWriteBarriers.cpp

    r154287 r154351  
    3535namespace JSC { namespace DFG {
    3636
    37 DesiredWriteBarrier::DesiredWriteBarrier(WriteBarrier<Unknown>* barrier, JSCell* owner)
     37DesiredWriteBarrier::DesiredWriteBarrier(Type type, CodeBlock* codeBlock, unsigned index, JSCell* owner)
    3838    : m_owner(owner)
    39     , m_type(NormalType)
     39    , m_type(type)
     40    , m_codeBlock(codeBlock)
     41    , m_index(index)
    4042{
    41     u.m_barrier = barrier;
    42 }
    43 
    44 DesiredWriteBarrier::DesiredWriteBarrier(Vector<WriteBarrier<Unknown> >* barriers, unsigned index, JSCell* owner)
    45     : m_owner(owner)
    46     , m_type(VectorType)
    47 {
    48     u.barrier_vector.m_barriers = barriers;
    49     u.barrier_vector.m_index = index;
    5043}
    5144
     
    5346{
    5447    switch (m_type) {
    55     case NormalType: {
    56         u.m_barrier->set(vm, m_owner, u.m_barrier->get());
     48    case ConstantType: {
     49        WriteBarrier<Unknown>& barrier = m_codeBlock->constants()[m_index];
     50        barrier.set(vm, m_owner, barrier.get());
    5751        break;
    5852    }
    5953
    60     case VectorType: {
    61         unsigned index = u.barrier_vector.m_index;
    62         WriteBarrier<Unknown>& barrier = u.barrier_vector.m_barriers->at(index);
    63         barrier.set(vm, m_owner, barrier.get());
     54    case InlineCallFrameExecutableType: {
     55        InlineCallFrame& inlineCallFrame = m_codeBlock->inlineCallFrames()[m_index];
     56        WriteBarrier<ScriptExecutable>& executable = inlineCallFrame.executable;
     57        executable.set(vm, m_owner, executable.get());
     58        break;
     59    }
     60
     61    case InlineCallFrameCalleeType: {
     62        InlineCallFrame& inlineCallFrame = m_codeBlock->inlineCallFrames()[m_index];
     63        ASSERT(!!inlineCallFrame.callee);
     64        WriteBarrier<JSFunction>& callee = inlineCallFrame.callee;
     65        callee.set(vm, m_owner, callee.get());
    6466        break;
    6567    }
     
    7678}
    7779
    78 DesiredWriteBarrier& DesiredWriteBarriers::addImpl(WriteBarrier<Unknown>* barrier, JSCell* owner)
    79 {
    80     m_barriers.append(DesiredWriteBarrier(barrier, owner));
    81     return m_barriers.last();
    82 }
    83 
    8480void DesiredWriteBarriers::trigger(VM& vm)
    8581{
     
    8884}
    8985
    90 void initializeLazyWriteBarrierForConstant(CodeBlock* codeBlock, DesiredWriteBarriers& barriers, JSCell* owner, JSValue value)
    91 {
    92     unsigned constantIndex = codeBlock->addConstantLazily();
    93     WriteBarrier<Unknown>& barrier = codeBlock->constants()[constantIndex];
    94     barrier = WriteBarrier<Unknown>(
    95         barriers.add(codeBlock->constants(), constantIndex, owner), value);
    96 }
    97 
    9886} } // namespace JSC::DFG
    9987
  • trunk/Source/JavaScriptCore/dfg/DFGDesiredWriteBarriers.h

    r154287 r154351  
    3434namespace JSC {
    3535
     36class JSFunction;
     37class ScriptExecutable;
    3638class VM;
    3739
     
    4042class DesiredWriteBarrier {
    4143public:
    42     DesiredWriteBarrier(WriteBarrier<Unknown>*, JSCell* owner);
    43     DesiredWriteBarrier(Vector<WriteBarrier<Unknown> >*, unsigned index, JSCell* owner);
     44    enum Type { ConstantType, InlineCallFrameExecutableType, InlineCallFrameCalleeType };
     45    DesiredWriteBarrier(Type, CodeBlock*, unsigned index, JSCell* owner);
    4446
    4547    void trigger(VM&);
     
    4749private:
    4850    JSCell* m_owner;
    49     enum WriteBarrierType { NormalType, VectorType };
    50     WriteBarrierType m_type;
    51     union {
    52         WriteBarrier<Unknown>* m_barrier;
    53         struct {
    54             Vector<WriteBarrier<Unknown> >* m_barriers;
    55             unsigned m_index;
    56         } barrier_vector;
    57     } u;
     51    Type m_type;
     52    CodeBlock* m_codeBlock;
     53    unsigned m_index;
    5854};
    5955
     
    6359    ~DesiredWriteBarriers();
    6460
    65     template <typename T>
    66     DesiredWriteBarrier& add(WriteBarrier<T>& barrier, JSCell* owner)
     61    DesiredWriteBarrier& add(DesiredWriteBarrier::Type type, CodeBlock* codeBlock, unsigned index, JSCell* owner)
    6762    {
    68         return addImpl(reinterpret_cast<WriteBarrier<Unknown>*>(&barrier), owner);
    69     }
    70 
    71     DesiredWriteBarrier& add(Vector<WriteBarrier<Unknown> >& barriers, unsigned index, JSCell* owner)
    72     {
    73         m_barriers.append(DesiredWriteBarrier(&barriers, index, owner));
     63        m_barriers.append(DesiredWriteBarrier(type, codeBlock, index, owner));
    7464        return m_barriers.last();
    7565    }
     
    7868
    7969private:
    80     DesiredWriteBarrier& addImpl(WriteBarrier<Unknown>*, JSCell*);
    81 
    8270    Vector<DesiredWriteBarrier> m_barriers;
    8371};
    8472
    85 template <typename T, typename U>
    86 void initializeLazyWriteBarrier(WriteBarrier<T>& barrier, DesiredWriteBarriers& barriers, JSCell* owner, U value)
     73inline void initializeLazyWriteBarrierForInlineCallFrameExecutable(DesiredWriteBarriers& barriers, WriteBarrier<ScriptExecutable>& barrier, CodeBlock* codeBlock, unsigned index, JSCell* owner, ScriptExecutable* value)
    8774{
    88     barrier = WriteBarrier<T>(barriers.add(barrier, owner), value);
     75    DesiredWriteBarrier& desiredBarrier = barriers.add(DesiredWriteBarrier::InlineCallFrameExecutableType, codeBlock, index, owner);
     76    barrier = WriteBarrier<ScriptExecutable>(desiredBarrier, value);
    8977}
    9078
    91 void initializeLazyWriteBarrierForConstant(CodeBlock*, DesiredWriteBarriers&, JSCell* owner, JSValue);
     79inline void initializeLazyWriteBarrierForInlineCallFrameCallee(DesiredWriteBarriers& barriers, WriteBarrier<JSFunction>& barrier, CodeBlock* codeBlock, unsigned index, JSCell* owner, JSFunction* value)
     80{
     81    DesiredWriteBarrier& desiredBarrier = barriers.add(DesiredWriteBarrier::InlineCallFrameCalleeType, codeBlock, index, owner);
     82    barrier = WriteBarrier<JSFunction>(desiredBarrier, value);
     83}
     84
     85inline void initializeLazyWriteBarrierForConstant(DesiredWriteBarriers& barriers, WriteBarrier<Unknown>& barrier, CodeBlock* codeBlock, unsigned index, JSCell* owner, JSValue value)
     86{
     87    DesiredWriteBarrier& desiredBarrier = barriers.add(DesiredWriteBarrier::ConstantType, codeBlock, index, owner);
     88    barrier = WriteBarrier<Unknown>(desiredBarrier, value);
     89}
    9290
    9391} } // namespace JSC::DFG
  • trunk/Source/JavaScriptCore/dfg/DFGFixupPhase.cpp

    r154305 r154351  
    13811381        unsigned constantRegister;
    13821382        if (!codeBlock()->findConstant(value, constantRegister)) {
     1383            constantRegister = codeBlock()->addConstantLazily();
    13831384            initializeLazyWriteBarrierForConstant(
     1385                m_graph.m_plan.writeBarriers,
     1386                codeBlock()->constants()[constantRegister],
    13841387                codeBlock(),
    1385                 m_graph.m_plan.writeBarriers,
     1388                constantRegister,
    13861389                codeBlock()->ownerExecutable(),
    13871390                value);
  • trunk/Source/JavaScriptCore/dfg/DFGGraph.h

    r154245 r154351  
    156156        unsigned constantRegister;
    157157        if (!m_codeBlock->findConstant(value, constantRegister)) {
     158            constantRegister = m_codeBlock->addConstantLazily();
    158159            initializeLazyWriteBarrierForConstant(
     160                m_plan.writeBarriers,
     161                m_codeBlock->constants()[constantRegister],
    159162                m_codeBlock,
    160                 m_plan.writeBarriers,
     163                constantRegister,
    161164                m_codeBlock->ownerExecutable(),
    162165                value);
Note: See TracChangeset for help on using the changeset viewer.