Changeset 212665 in webkit

Timestamp:

Feb 20, 2017 12:30:43 PM (7 years ago)

Author:

commit-queue@webkit.org

Message:

Unreviewed, rolling out r212618.
​https://bugs.webkit.org/show_bug.cgi?id=168609

"Appears to cause PLT regression" (Requested by mlam on
#webkit).

Reverted changeset:

"CachedCall should let GC know to keep its arguments alive."
​https://bugs.webkit.org/show_bug.cgi?id=168567
​http://trac.webkit.org/changeset/212618

Location:

trunk/Source

Files:

• JavaScriptCore/ChangeLog (modified) (1 diff)
• JavaScriptCore/interpreter/CachedCall.h (modified) (5 diffs)
• JavaScriptCore/interpreter/CallFrame.h (modified) (2 diffs)
• JavaScriptCore/interpreter/Interpreter.cpp (modified) (3 diffs)
• JavaScriptCore/interpreter/Interpreter.h (modified) (2 diffs)
• JavaScriptCore/interpreter/ProtoCallFrame.h (modified) (2 diffs)
• JavaScriptCore/runtime/ArgList.cpp (modified) (2 diffs)
• JavaScriptCore/runtime/ArgList.h (modified) (4 diffs)
• JavaScriptCore/runtime/StringPrototype.cpp (modified) (5 diffs)
• JavaScriptCore/runtime/VM.cpp (modified) (1 diff)
• JavaScriptCore/runtime/VM.h (modified) (1 diff)
• WTF/ChangeLog (modified) (1 diff)
• WTF/WTF.xcodeproj/project.pbxproj (modified) (4 diffs)
• WTF/wtf/ForbidHeapAllocation.h (deleted)

trunk/Source/JavaScriptCore/ChangeLog

@@ +1 @@
+2017-02-20  Commit Queue  <commit-queue@webkit.org>
+
+        Unreviewed, rolling out r212618.
+        https://bugs.webkit.org/show_bug.cgi?id=168609
+
+        "Appears to cause PLT regression" (Requested by mlam on
+        #webkit).
+
+        Reverted changeset:
+
+        "CachedCall should let GC know to keep its arguments alive."
+        https://bugs.webkit.org/show_bug.cgi?id=168567
+        http://trac.webkit.org/changeset/212618
+
 2017-02-19  Mark Lam  <mark.lam@apple.com>
 

trunk/Source/JavaScriptCore/interpreter/CachedCall.h

@@ -1 +1 @@
 /*
- * Copyright (C) 2009-2017 Apple Inc. All rights reserved.
+ * Copyright (C) 2009, 2013, 2016 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -34 +34 @@
 #include "VMEntryScope.h"
 #include "VMInlines.h"
-#include <wtf/ForbidHeapAllocation.h>
 
 namespace JSC {
     class CachedCall {
-        WTF_MAKE_NONCOPYABLE(CachedCall);
-        WTF_FORBID_HEAP_ALLOCATION;
+        WTF_MAKE_NONCOPYABLE(CachedCall); WTF_MAKE_FAST_ALLOCATED;
     public:
         CachedCall(CallFrame* callFrame, JSFunction* function, int argumentCount)
@@ -52 +50 @@
             ASSERT(!function->isHostFunctionNonInline());
             if (UNLIKELY(vm.isSafeToRecurseSoft())) {
-                m_arguments.ensureCapacity(argumentCount);
-                m_closure = m_interpreter->prepareForRepeatCall(function->jsExecutable(), callFrame, &m_protoCallFrame, function, argumentCount + 1, function->scope(), m_arguments);
+                m_arguments.resize(argumentCount);
+                m_closure = m_interpreter->prepareForRepeatCall(function->jsExecutable(), callFrame, &m_protoCallFrame, function, argumentCount + 1, function->scope(), m_arguments.data());
             } else
                 throwStackOverflowError(callFrame, scope);
@@ -62 +60 @@
         { 
             ASSERT(m_valid);
-            ASSERT(m_arguments.size() == static_cast<size_t>(m_protoCallFrame.argumentCount()));
             return m_interpreter->execute(m_closure);
         }
         void setThis(JSValue v) { m_protoCallFrame.setThisValue(v); }
-
-        void clearArguments() { m_arguments.clear(); }
-        void appendArgument(JSValue v) { m_arguments.append(v); }
+        void setArgument(int n, JSValue v) { m_protoCallFrame.setArgument(n, v); }
 
     private:
@@ -76 +71 @@
         VMEntryScope m_entryScope;
         ProtoCallFrame m_protoCallFrame;
-        MarkedArgumentBuffer m_arguments;
+        Vector<JSValue> m_arguments;
         CallFrameClosure m_closure;
     };

trunk/Source/JavaScriptCore/interpreter/CallFrame.h

@@ -2 +2 @@
  *  Copyright (C) 1999-2001 Harri Porten (porten@kde.org)
  *  Copyright (C) 2001 Peter Kelly (pmk@post.com)
- *  Copyright (C) 2003-2017 Apple Inc. All rights reserved.
+ *  Copyright (C) 2003, 2007-2008, 2011, 2013-2016 Apple Inc. All rights reserved.
  *
  *  This library is free software; you can redistribute it and/or
@@ -120 +120 @@
         AtomicStringTable* atomicStringTable() const { return vm().atomicStringTable(); }
         const CommonIdentifiers& propertyNames() const { return *vm().propertyNames; }
-        const ArgList& emptyList() const { return *vm().emptyList; }
+        const MarkedArgumentBuffer& emptyList() const { return *vm().emptyList; }
         Interpreter* interpreter() { return vm().interpreter; }
         Heap* heap() { return &vm().heap; }

trunk/Source/JavaScriptCore/interpreter/Interpreter.cpp

@@ -1 +1 @@
 /*
- * Copyright (C) 2008-2017 Apple Inc. All rights reserved.
+ * Copyright (C) 2008-2010, 2012-2016 Apple Inc. All rights reserved.
  * Copyright (C) 2008 Cameron Zwarich <cwzwarich@uwaterloo.ca>
  *
@@ -1006 +1006 @@
 }
 
-CallFrameClosure Interpreter::prepareForRepeatCall(FunctionExecutable* functionExecutable, CallFrame* callFrame, ProtoCallFrame* protoCallFrame, JSFunction* function, int argumentCountIncludingThis, JSScope* scope, const ArgList& args)
+CallFrameClosure Interpreter::prepareForRepeatCall(FunctionExecutable* functionExecutable, CallFrame* callFrame, ProtoCallFrame* protoCallFrame, JSFunction* function, int argumentCountIncludingThis, JSScope* scope, JSValue* args)
 {
     VM& vm = *scope->vm();
@@ -1026 +1026 @@
     size_t argsCount = argumentCountIncludingThis;
 
-    protoCallFrame->init(newCodeBlock, function, jsUndefined(), argsCount, args.data());
+    protoCallFrame->init(newCodeBlock, function, jsUndefined(), argsCount, args);
     // Return the successful closure:
     CallFrameClosure result = { callFrame, protoCallFrame, function, functionExecutable, &vm, scope, newCodeBlock->numParameters(), argumentCountIncludingThis };

trunk/Source/JavaScriptCore/interpreter/Interpreter.h

@@ -1 +1 @@
 /*
- * Copyright (C) 2008-2017 Apple Inc. All rights reserved.
+ * Copyright (C) 2008, 2013, 2015-2016 Apple Inc. All rights reserved.
  * Copyright (C) 2012 Research In Motion Limited. All rights reserved.
  *
@@ -155 +155 @@
         enum ExecutionFlag { Normal, InitializeAndReturn };
 
-        CallFrameClosure prepareForRepeatCall(FunctionExecutable*, CallFrame*, ProtoCallFrame*, JSFunction*, int argumentCountIncludingThis, JSScope*, const ArgList&);
+        CallFrameClosure prepareForRepeatCall(FunctionExecutable*, CallFrame*, ProtoCallFrame*, JSFunction*, int argumentCountIncludingThis, JSScope*, JSValue*);
 
         JSValue execute(CallFrameClosure&);

trunk/Source/JavaScriptCore/interpreter/ProtoCallFrame.h

@@ -1 +1 @@
 /*
- * Copyright (C) 2013-2017 Apple Inc. All Rights Reserved.
+ * Copyright (C) 2013 Apple Inc. All Rights Reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -27 +27 @@
 
 #include "Register.h"
-#include <wtf/ForbidHeapAllocation.h>
 
 namespace JSC {
 
 struct JS_EXPORT_PRIVATE ProtoCallFrame {
-    WTF_FORBID_HEAP_ALLOCATION;
-public:
     Register codeBlockValue;
     Register calleeValue;

trunk/Source/JavaScriptCore/runtime/ArgList.cpp

@@ -1 +1 @@
 /*
- *  Copyright (C) 2003-2017 Apple Inc. All rights reserved.
+ *  Copyright (C) 2003, 2004, 2005, 2006, 2007, 2009, 2016 Apple Inc. All rights reserved.
  *
  *  This library is free software; you can redistribute it and/or
@@ -64 +64 @@
 }
 
-void MarkedArgumentBuffer::slowEnsureCapacity(size_t requestedCapacity)
-{
-    int newCapacity = Checked<int>(requestedCapacity).unsafeGet();
-    expandCapacity(newCapacity);
-}
-
 void MarkedArgumentBuffer::expandCapacity()
 {
     int newCapacity = (Checked<int>(m_capacity) * 2).unsafeGet();
-    expandCapacity(newCapacity);
-}
-
-void MarkedArgumentBuffer::expandCapacity(int newCapacity)
-{
-    ASSERT(m_capacity < newCapacity);
     size_t size = (Checked<size_t>(newCapacity) * sizeof(EncodedJSValue)).unsafeGet();
     EncodedJSValue* newBuffer = static_cast<EncodedJSValue*>(fastMalloc(size));

trunk/Source/JavaScriptCore/runtime/ArgList.h

@@ -1 +1 @@
 /*
  *  Copyright (C) 1999-2001 Harri Porten (porten@kde.org)
- *  Copyright (C) 2003-2017 Apple Inc. All rights reserved.
+ *  Copyright (C) 2003, 2007, 2008, 2009, 2016 Apple Inc. All rights reserved.
  *
  *  This library is free software; you can redistribute it and/or
@@ -23 +23 @@
 
 #include "CallFrame.h"
-#include <wtf/ForbidHeapAllocation.h>
 #include <wtf/HashSet.h>
 
@@ -30 +29 @@
 class MarkedArgumentBuffer {
     WTF_MAKE_NONCOPYABLE(MarkedArgumentBuffer);
-    WTF_FORBID_HEAP_ALLOCATION;
     friend class VM;
     friend class ArgList;
@@ -97 +95 @@
     static void markLists(SlotVisitor&, ListSet&);
 
-    void ensureCapacity(size_t requestedCapacity)
-    {
-        if (requestedCapacity > static_cast<size_t>(m_capacity))
-            slowEnsureCapacity(requestedCapacity);
-    }
-
 private:
     void expandCapacity();
-    void expandCapacity(int newCapacity);
-    void slowEnsureCapacity(size_t requestedCapacity);
 
     void addMarkSet(JSValue);

trunk/Source/JavaScriptCore/runtime/StringPrototype.cpp

@@ -1 +1 @@
 /*
  *  Copyright (C) 1999-2001 Harri Porten (porten@kde.org)
- *  Copyright (C) 2004-2017 Apple Inc. All rights reserved.
+ *  Copyright (C) 2004-2008, 2013, 2016 Apple Inc. All rights reserved.
  *  Copyright (C) 2009 Torch Mobile, Inc.
  *  Copyright (C) 2015 Jordan Harband (ljharb@gmail.com)
@@ -540 +540 @@
 
                 unsigned i = 0;
-                cachedCall.clearArguments();
                 for (; i < regExp->numSubpatterns() + 1; ++i) {
                     int matchStart = ovector[i * 2];
@@ -546 +545 @@
 
                     if (matchStart < 0)
-                        cachedCall.appendArgument(jsUndefined());
+                        cachedCall.setArgument(i, jsUndefined());
                     else
-                        cachedCall.appendArgument(jsSubstring(&vm, source, matchStart, matchLen));
+                        cachedCall.setArgument(i, jsSubstring(&vm, source, matchStart, matchLen));
                 }
 
-                cachedCall.appendArgument(jsNumber(result.start));
-                cachedCall.appendArgument(string);
+                cachedCall.setArgument(i++, jsNumber(result.start));
+                cachedCall.setArgument(i++, string);
 
                 cachedCall.setThis(jsUndefined());
@@ -580 +579 @@
 
                 unsigned i = 0;
-                cachedCall.clearArguments();
                 for (; i < regExp->numSubpatterns() + 1; ++i) {
                     int matchStart = ovector[i * 2];
@@ -586 +584 @@
 
                     if (matchStart < 0)
-                        cachedCall.appendArgument(jsUndefined());
+                        cachedCall.setArgument(i, jsUndefined());
                     else
-                        cachedCall.appendArgument(jsSubstring(&vm, source, matchStart, matchLen));
+                        cachedCall.setArgument(i, jsSubstring(&vm, source, matchStart, matchLen));
                 }
 
-                cachedCall.appendArgument(jsNumber(result.start));
-                cachedCall.appendArgument(string);
+                cachedCall.setArgument(i++, jsNumber(result.start));
+                cachedCall.setArgument(i++, string);
 
                 cachedCall.setThis(jsUndefined());

trunk/Source/JavaScriptCore/runtime/VM.cpp

@@ -181 +181 @@
     , m_atomicStringTable(vmType == Default ? wtfThreadData().atomicStringTable() : new AtomicStringTable)
     , propertyNames(nullptr)
-    , emptyList(new ArgList)
+    , emptyList(new MarkedArgumentBuffer)
     , machineCodeBytesPerBytecodeWordForBaselineJIT(std::make_unique<SimpleStats>())
     , customGetterSetterFunctionMap(*this)

trunk/Source/JavaScriptCore/runtime/VM.h

@@ -386 +386 @@
     TemplateRegistryKeyTable m_templateRegistryKeytable;
     CommonIdentifiers* propertyNames;
-    const ArgList* emptyList;
+    const MarkedArgumentBuffer* emptyList; // Lists are supposed to be allocated on the stack to have their elements properly marked, which is not the case here - but this list has nothing to mark.
     SmallStrings smallStrings;
     NumericStrings numericStrings;

trunk/Source/WTF/ChangeLog

@@ +1 @@
+2017-02-20  Commit Queue  <commit-queue@webkit.org>
+
+        Unreviewed, rolling out r212618.
+        https://bugs.webkit.org/show_bug.cgi?id=168609
+
+        "Appears to cause PLT regression" (Requested by mlam on
+        #webkit).
+
+        Reverted changeset:
+
+        "CachedCall should let GC know to keep its arguments alive."
+        https://bugs.webkit.org/show_bug.cgi?id=168567
+        http://trac.webkit.org/changeset/212618
+
 2017-02-20  Carlos Garcia Campos  <cgarcia@igalia.com>
 

trunk/Source/WTF/WTF.xcodeproj/project.pbxproj

@@ -369 +369 @@
                 EB95E1F0161A72410089A2F5 /* ByteOrder.h in Headers */ = {isa = PBXBuildFile; fileRef = EB95E1EF161A72410089A2F5 /* ByteOrder.h */; };
                 FE8225311B2A1E5B00BA68FD /* NakedPtr.h in Headers */ = {isa = PBXBuildFile; fileRef = FE8225301B2A1E5B00BA68FD /* NakedPtr.h */; };
-                FE86A8751E59440200111BBF /* ForbidHeapAllocation.h in Headers */ = {isa = PBXBuildFile; fileRef = FE86A8741E59440200111BBF /* ForbidHeapAllocation.h */; };
                 FE8925B01D00DAEC0046907E /* Indenter.h in Headers */ = {isa = PBXBuildFile; fileRef = FE8925AF1D00DAEC0046907E /* Indenter.h */; };
                 FEDACD3D1630F83F00C69634 /* StackStats.cpp in Sources */ = {isa = PBXBuildFile; fileRef = FEDACD3B1630F83F00C69634 /* StackStats.cpp */; };
@@ -753 +752 @@
                 F72BBDB107FA424886178B9E /* SymbolImpl.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = SymbolImpl.cpp; sourceTree = "<group>"; };
                 FE8225301B2A1E5B00BA68FD /* NakedPtr.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = NakedPtr.h; sourceTree = "<group>"; };
-                FE86A8741E59440200111BBF /* ForbidHeapAllocation.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ForbidHeapAllocation.h; sourceTree = "<group>"; };
                 FE8925AF1D00DAEC0046907E /* Indenter.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = Indenter.h; sourceTree = "<group>"; };
                 FEDACD3B1630F83F00C69634 /* StackStats.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = StackStats.cpp; sourceTree = "<group>"; };
@@ -965 +963 @@
                                 0F9D335C165DBA73005AD387 /* FilePrintStream.h */,
                                 0F2B66A517B6B4F700A7AE3F /* FlipBytes.h */,
-                                FE86A8741E59440200111BBF /* ForbidHeapAllocation.h */,
                                 A8A472A6151A825A004123FF /* Forward.h */,
                                 83F2BADE1CF9524E003E99C3 /* Function.h */,
@@ -1422 +1419 @@
                                 1A1D8B9C173186CE00141DA4 /* FunctionDispatcher.h in Headers */,
                                 A8A473CA151A825B004123FF /* GetPtr.h in Headers */,
-                                FE86A8751E59440200111BBF /* ForbidHeapAllocation.h in Headers */,
                                 0FEC84AF1BD825310080FF74 /* GraphNodeWorklist.h in Headers */,
                                 2C05385415BC819000F21B96 /* GregorianDateTime.h in Headers */,