Changeset 244711 in webkit
- Timestamp: Apr 26, 2019 4:32:35 PM (5 years ago)
- Location: trunk
- Files: 1 added, 5 edited
trunk/JSTests/ChangeLog
r244708 r244711 1 2019-04-25 Yusuke Suzuki <ysuzuki@apple.com> 2 3 [JSC] linkPolymorphicCall now does GC 4 https://bugs.webkit.org/show_bug.cgi?id=197306 5 6 Reviewed by Saam Barati. 7 8 * stress/link-polymorphic-call-can-gc.js: Added. 9 (module): 10 (instance): 11 1 12 2019-04-26 Robin Morisset <rmorisset@apple.com> 2 13 -
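Review bot: the new entry is dated 2019-04-25 while the changeset landed on Apr 26, 2019 and is inserted above an existing entry dated 2019-04-26, so the ChangeLog is no longer in reverse-chronological order; the same 2019-04-25 date appears in the Source/JavaScriptCore and Tools ChangeLog entries of this changeset. Change all three to the landing date before committing.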
trunk/Source/JavaScriptCore/ChangeLog
r244708 r244711 1 2019-04-25 Yusuke Suzuki <ysuzuki@apple.com> 2 3 [JSC] linkPolymorphicCall now does GC 4 https://bugs.webkit.org/show_bug.cgi?id=197306 5 6 Reviewed by Saam Barati. 7 8 Previously, we assumed that linkPolymorphicCall does not perform allocations. So we put CallVariant into a Vector<>. 9 But now, WebAssemblyFunction's entrypoint generation can allocate JSToWasmICCallee and cause GC. Since CallLinkInfo 10 does not hold these cells, they can be collected, and we will see dead cells in the middle of linkPolymorphicCall. 11 We should defer GC for a while in linkPolymorphicCall. We use DeferGCForAWhile instead of DeferGC because the 12 caller "operationLinkPolymorphicCall" assumes that this function does not cause GC. 13 14 * jit/Repatch.cpp: 15 (JSC::linkPolymorphicCall): 16 1 17 2019-04-26 Robin Morisset <rmorisset@apple.com> 2 18 -
trunk/Source/JavaScriptCore/jit/Repatch.cpp
r244204 r244711 956 956 { 957 957 RELEASE_ASSERT(callLinkInfo.allowStubs()); 958 959 CallFrame* callerFrame = exec->callerFrame(); 960 VM& vm = callerFrame->vm(); 961 962 // During execution of linkPolymorphicCall, we strongly assume that we never do GC. 963 // GC jettisons CodeBlocks, changes CallLinkInfo etc. and breaks assumption done before and after this call. 964 DeferGCForAWhile deferGCForAWhile(vm.heap); 958 965 959 966 if (!newVariant) { … … 962 969 } 963 970 964 CallFrame* callerFrame = exec->callerFrame();965 966 971 // Our caller must be have a cell for a callee. When calling 967 972 // this from Wasm, we ensure the callee is a cell. 968 973 ASSERT(callerFrame->callee().isCell()); 969 974 970 VM& vm = callerFrame->vm();971 975 CodeBlock* callerCodeBlock = callerFrame->codeBlock(); 972 976 bool isWebAssembly = isWebAssemblyToJSCallee(callerFrame->callee().asCell()); -
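Review bot: the comment added above `DeferGCForAWhile deferGCForAWhile(vm.heap);` says that linkPolymorphicCall assumes no GC but not why `DeferGCForAWhile` is chosen over `DeferGC`; that reasoning is only in the ChangeLog (the caller `operationLinkPolymorphicCall` also assumes no GC, and a plain `DeferGC` can collect when its scope ends, which is still inside that caller). Put it in the code comment, e.g. "Use DeferGCForAWhile, not DeferGC: operationLinkPolymorphicCall also assumes no GC, so we must not collect on scope exit either", since a later reader would otherwise see the scope-exit-safe `DeferGC` as the obvious replacement. Hoisting `callerFrame` and `vm` above the `if (!newVariant)` early return so the deferral covers the whole function is correct and behaviour-preserving. Minor, in the unchanged context line: "Our caller must be have a cell" should read "must have a cell".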
trunk/Tools/ChangeLog
r244706 r244711 1 2019-04-25 Yusuke Suzuki <ysuzuki@apple.com> 2 3 [JSC] linkPolymorphicCall now does GC 4 https://bugs.webkit.org/show_bug.cgi?id=197306 5 6 Reviewed by Saam Barati. 7 8 The test is sensitive to allocations and even adding $vm makes it non-reproducible. 9 To add this test, we add `runWithoutBaseOption`. 10 11 * Scripts/run-jsc-stress-tests: 12 1 13 2019-04-26 Alexey Proskuryakov <ap@apple.com> 2 14 -
trunk/Tools/Scripts/run-jsc-stress-tests
r244543 r244711 617 617 end 618 618 619 def runWithOutputHandlerWithoutBaseOption(kind, outputHandler, *options) 620 addRunCommand(kind, [pathToVM.to_s] + $testSpecificRequiredOptions + options + [$benchmark.to_s], outputHandler, simpleErrorHandler) 621 end 622 619 623 def run(kind, *options) 620 624 runWithOutputHandler(kind, silentOutputHandler, *options) 625 end 626 627 def runWithoutBaseOption(kind, *options) 628 runWithOutputHandlerWithoutBaseOption(kind, silentOutputHandler, *options) 621 629 end 622 630
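Review bot: `runWithOutputHandlerWithoutBaseOption` and `runWithoutBaseOption` carry no comment saying which options are omitted or when a test should use them; from the command assembled here only `$testSpecificRequiredOptions`, the caller's `options` and the benchmark path are passed, and the motivation (the test is sensitive to allocations, so even adding `$vm` changes the result) exists only in the commit message. Add a one-line comment above the first `def` stating that the base options are deliberately dropped for allocation-sensitive tests and that such a test must therefore pass every option it needs explicitly.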