Changeset 232461 in webkit
- Timestamp:
- Jun 3, 2018 9:13:42 PM (6 years ago)
- Location:
- trunk/Source/JavaScriptCore
- Files:
-
- 18 edited
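--- a/trunk/Source/JavaScriptCore/ChangeLog
+++ b/trunk/Source/JavaScriptCore/ChangeLog
@@ -1,2 +1,49 @@
+2018-06-03 Yusuke Suzuki <utatane.tea@gmail.com>
+
+LayoutTests/fast/css/parsing-css-matches-7.html always abandons its Document (disabling JIT fixes it)
+https://bugs.webkit.org/show_bug.cgi?id=186223
+
+Reviewed by Keith Miller.
+
+After preparing catchOSREntryBuffer, we do not clear the active length of this scratch buffer.
+It makes this buffer conservative GC root, and allows it to hold GC objects unnecessarily long.
+
+This patch introduces DFG ClearCatchLocals node, which clears catchOSREntryBuffer's active length.
+We model ExtractCatchLocal and ClearCatchLocals appropriately in DFG clobberize too to make
+this ClearCatchLocals valid.
+
+The existing tests for ExtractCatchLocal just pass.
+
+* dfg/DFGAbstractHeap.h:
+* dfg/DFGAbstractInterpreterInlines.h:
+(JSC::DFG::AbstractInterpreter<AbstractStateType>::executeEffects):
+* dfg/DFGByteCodeParser.cpp:
+(JSC::DFG::ByteCodeParser::parseBlock):
+* dfg/DFGClobberize.h:
+(JSC::DFG::clobberize):
+* dfg/DFGDoesGC.cpp:
+(JSC::DFG::doesGC):
+* dfg/DFGFixupPhase.cpp:
+(JSC::DFG::FixupPhase::fixupNode):
+* dfg/DFGMayExit.cpp:
+* dfg/DFGNodeType.h:
+* dfg/DFGOSREntry.cpp:
+(JSC::DFG::prepareCatchOSREntry):
+* dfg/DFGPredictionPropagationPhase.cpp:
+* dfg/DFGSafeToExecute.h:
+(JSC::DFG::safeToExecute):
+* dfg/DFGSpeculativeJIT.cpp:
+(JSC::DFG::SpeculativeJIT::compileClearCatchLocals):
+* dfg/DFGSpeculativeJIT.h:
+* dfg/DFGSpeculativeJIT32_64.cpp:
+(JSC::DFG::SpeculativeJIT::compile):
+* dfg/DFGSpeculativeJIT64.cpp:
+(JSC::DFG::SpeculativeJIT::compile):
+* ftl/FTLCapabilities.cpp:
+(JSC::FTL::canCompile):
+* ftl/FTLLowerDFGToB3.cpp:
+(JSC::FTL::DFG::LowerDFGToB3::compileNode):
+(JSC::FTL::DFG::LowerDFGToB3::compileClearCatchLocals):
+
 2018-06-02 Darin Adler <darin@apple.com>
 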
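--- a/trunk/Source/JavaScriptCore/dfg/DFGAbstractHeap.h
+++ b/trunk/Source/JavaScriptCore/dfg/DFGAbstractHeap.h
@@ -78,4 +78,5 @@
 macro(JSWeakSetFields) \
 macro(InternalState) \
+macro(CatchLocals) \
 macro(Absolute) \
 /* DOMJIT tells the heap range with the pair of integers. */\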
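--- a/trunk/Source/JavaScriptCore/dfg/DFGAbstractInterpreterInlines.h
+++ b/trunk/Source/JavaScriptCore/dfg/DFGAbstractInterpreterInlines.h
@@ -3530,4 +3530,5 @@
 case ZombieHint:
 case ExitOK:
+case ClearCatchLocals:
 break;
 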
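--- a/trunk/Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp
+++ b/trunk/Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp
@@ -5681,4 +5681,6 @@
 localsToSet.uncheckedAppend(std::make_pair(operand, value));
 });
+if (numberOfLocals)
+addToGraph(ClearCatchLocals);
 
 if (!m_graph.m_maxLocalsForCatchOSREntry)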
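Review bot: The new `if (numberOfLocals) addToGraph(ClearCatchLocals);` carries no comment saying why the node is conditional, and a reader of parseBlock cannot tell from here that a catch block with no locals never raises the scratch buffer's active length above zero. I would add one line above it: `// Only needed when prepareCatchOSREntry populates catchOSREntryBuffer; the node zeroes its active length so the buffer stops acting as a conservative GC root.` Whether an empty locals set really leaves the length at zero depends on the `index` value computed in prepareCatchOSREntry, which is outside this hunk, so confirm that before wording the comment that strongly. parseBlock begins and ends outside the hunk.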
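--- a/trunk/Source/JavaScriptCore/dfg/DFGClobberize.h
+++ b/trunk/Source/JavaScriptCore/dfg/DFGClobberize.h
@@ -145,6 +145,13 @@
 case CheckVarargs:
 case ExtractOSREntryLocal:
+case CheckStructureImmediate:
+return;
+
 case ExtractCatchLocal:
-case CheckStructureImmediate:
+read(AbstractHeap(CatchLocals, node->catchOSREntryIndex()));
+return;
+
+case ClearCatchLocals:
+write(CatchLocals);
 return;
 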
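Review bot: The ordering constraint these heap annotations encode is stated nowhere in the hunk, and it is the thing a later edit to this switch would most easily break: `ExtractCatchLocal` now reads `AbstractHeap(CatchLocals, node->catchOSREntryIndex())` and `ClearCatchLocals` writes the whole `CatchLocals` heap, and that read/write pairing is what keeps the clear from being scheduled ahead of the loads. Since, per the ChangeLog, the buffer is only a conservative GC root while its active length is non-zero, a clear that floated earlier would drop protection from values not yet extracted. I would put a comment above `case ExtractCatchLocal:`: `// ExtractCatchLocal reads the catch OSR entry buffer; ClearCatchLocals zeroes its active length and must stay ordered after every extract, hence the read/write pairing on CatchLocals.` The enclosing clobberize switch starts and ends outside the hunk.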
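--- a/trunk/Source/JavaScriptCore/dfg/DFGDoesGC.cpp
+++ b/trunk/Source/JavaScriptCore/dfg/DFGDoesGC.cpp
@@ -225,6 +225,7 @@
 case WeakMapSet:
 case Unreachable:
+case ExtractOSREntryLocal:
 case ExtractCatchLocal:
-case ExtractOSREntryLocal:
+case ClearCatchLocals:
 case CheckTierUpInLoop:
 case CheckTierUpAtReturn: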
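--- a/trunk/Source/JavaScriptCore/dfg/DFGFixupPhase.cpp
+++ b/trunk/Source/JavaScriptCore/dfg/DFGFixupPhase.cpp
@@ -2168,4 +2168,5 @@
 case ExtractOSREntryLocal:
 case ExtractCatchLocal:
+case ClearCatchLocals:
 case LoopHint:
 case MovHint: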
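--- a/trunk/Source/JavaScriptCore/dfg/DFGMayExit.cpp
+++ b/trunk/Source/JavaScriptCore/dfg/DFGMayExit.cpp
@@ -93,4 +93,5 @@
 case ExtractOSREntryLocal:
 case ExtractCatchLocal:
+case ClearCatchLocals:
 case LogicalNot:
 case NotifyWrite: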
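--- a/trunk/Source/JavaScriptCore/dfg/DFGNodeType.h
+++ b/trunk/Source/JavaScriptCore/dfg/DFGNodeType.h
@@ -97,4 +97,5 @@
 macro(ExtractOSREntryLocal, NodeResultJS) \
 macro(ExtractCatchLocal, NodeResultJS) \
+macro(ClearCatchLocals, NodeMustGenerate) \
 \
 /* Tier-up checks from the DFG to the FTL. */\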
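--- a/trunk/Source/JavaScriptCore/dfg/DFGOSREntry.cpp
+++ b/trunk/Source/JavaScriptCore/dfg/DFGOSREntry.cpp
@@ -401,4 +401,5 @@
 });
 
+// The active length of catchOSREntryBuffer will be zeroed by ClearCatchLocals node.
 dfgCommon->catchOSREntryBuffer->setActiveLength(sizeof(JSValue) * index);
 return catchEntrypoint->machineCode;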
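Review bot: The added comment `// The active length of catchOSREntryBuffer will be zeroed by ClearCatchLocals node.` names the counterpart but not why the length matters, which is the actual bug being fixed: while it is non-zero the buffer is scanned as a conservative GC root, so every value copied into it stays alive until the compiled code clears it. I would expand it to `// A non-zero active length makes this buffer a conservative GC root. The DFG ClearCatchLocals node (emitted when the catch block has locals) zeroes it once the values have been extracted.` The parser in this changeset only emits the node when numberOfLocals is non-zero, so the unconditional "will be zeroed" presumably relies on `index` being zero in that case; worth confirming. prepareCatchOSREntry starts outside the hunk.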
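--- a/trunk/Source/JavaScriptCore/dfg/DFGPredictionPropagationPhase.cpp
+++ b/trunk/Source/JavaScriptCore/dfg/DFGPredictionPropagationPhase.cpp
@@ -1215,4 +1215,5 @@
 case WeakSetAdd:
 case WeakMapSet:
+case ClearCatchLocals:
 break;
 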
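--- a/trunk/Source/JavaScriptCore/dfg/DFGSafeToExecute.h
+++ b/trunk/Source/JavaScriptCore/dfg/DFGSafeToExecute.h
@@ -374,4 +374,5 @@
 case ExtractOSREntryLocal:
 case ExtractCatchLocal:
+case ClearCatchLocals:
 case CheckTierUpInLoop:
 case CheckTierUpAtReturn: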
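--- a/trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp
+++ b/trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp
@@ -12940,4 +12940,15 @@
 }
 
+void SpeculativeJIT::compileClearCatchLocals(Node* node)
+{
+ScratchBuffer* scratchBuffer = m_jit.jitCode()->common.catchOSREntryBuffer;
+ASSERT(scratchBuffer);
+GPRTemporary scratch(this);
+GPRReg scratchGPR = scratch.gpr();
+m_jit.move(TrustedImmPtr(scratchBuffer->addressOfActiveLength()), scratchGPR);
+m_jit.storePtr(TrustedImmPtr(nullptr), scratchGPR);
+noResult(node);
+}
+
 void SpeculativeJIT::compileProfileType(Node* node)
 {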
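Review bot: `ASSERT(scratchBuffer)` in compileClearCatchLocals is compiled out of release builds, yet the next line bakes `scratchBuffer->addressOfActiveLength()` into the emitted code as an immediate, so a null buffer would not fault here but would turn into a pointer-width store to a near-null address every time the catch entrypoint runs. If the parser's `if (numberOfLocals)` guard elsewhere in this changeset is what guarantees the buffer exists, a compile-time `RELEASE_ASSERT(scratchBuffer);` costs nothing and turns that assumption into a crash at JIT time rather than a wild store at run time. A short comment would also help the next reader, since storing `TrustedImmPtr(nullptr)` into a length field reads like a type mismatch: `// Zero the size_t active length; storePtr is pointer-width, which is assumed to match size_t on every port.` — confirm that width assumption against the 32-bit ports before stating it unhedged.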
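--- a/trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.h
+++ b/trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.h
@@ -1481,4 +1481,5 @@
 void compileHasIndexedProperty(Node*);
 void compileExtractCatchLocal(Node*);
+void compileClearCatchLocals(Node*);
 void compileProfileType(Node*);
 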
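--- a/trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp
+++ b/trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT32_64.cpp
@@ -4039,4 +4039,8 @@
 break;
 }
+
+case ClearCatchLocals:
+compileClearCatchLocals(node);
+break;
 
 case CheckStructureOrEmpty: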
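--- a/trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp
+++ b/trunk/Source/JavaScriptCore/dfg/DFGSpeculativeJIT64.cpp
@@ -4548,4 +4548,8 @@
 break;
 }
+
+case ClearCatchLocals:
+compileClearCatchLocals(node);
+break;
 
 #if ENABLE(FTL_JIT)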
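--- a/trunk/Source/JavaScriptCore/ftl/FTLCapabilities.cpp
+++ b/trunk/Source/JavaScriptCore/ftl/FTLCapabilities.cpp
@@ -116,4 +116,5 @@
 case ExtractOSREntryLocal:
 case ExtractCatchLocal:
+case ClearCatchLocals:
 case LoopHint:
 case SkipScope: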
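--- a/trunk/Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp
+++ b/trunk/Source/JavaScriptCore/ftl/FTLLowerDFGToB3.cpp
@@ -568,4 +568,7 @@
 compileExtractCatchLocal();
 break;
+case ClearCatchLocals:
+compileClearCatchLocals();
+break;
 case GetStack:
 compileGetStack();
@@ -1694,4 +1697,11 @@
 EncodedJSValue* buffer = static_cast<EncodedJSValue*>(m_ftlState.jitCode->common.catchOSREntryBuffer->dataBuffer());
 setJSValue(m_out.load64(m_out.absolute(buffer + m_node->catchOSREntryIndex())));
+}
+
+void compileClearCatchLocals()
+{
+ScratchBuffer* scratchBuffer = m_ftlState.jitCode->common.catchOSREntryBuffer;
+ASSERT(scratchBuffer);
+m_out.storePtr(m_out.constIntPtr(0), m_out.absolute(scratchBuffer->addressOfActiveLength()));
 }
 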