Changeset 247900 in webkit


Timestamp:
Jul 28, 2019 9:31:04 PM (5 years ago)
Author:
commit-queue@webkit.org
Message:

Unreviewed, rolling out r247886.
https://bugs.webkit.org/show_bug.cgi?id=200214

"Causes PLT5 regression on some machines" (Requested by mlam|a
on #webkit).

Reverted changeset:

"Add crash diagnostics for debugging unexpected zapped cells."
https://bugs.webkit.org/show_bug.cgi?id=200149
https://trac.webkit.org/changeset/247886

Location:
trunk/Source
Files:
16 edited

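--- a/trunk/Source/JavaScriptCore/ChangeLog
+++ b/trunk/Source/JavaScriptCore/ChangeLog
@@ -1,2 +1,16 @@
+2019-07-28  Commit Queue  <commit-queue@webkit.org>
+
+        Unreviewed, rolling out r247886.
+        https://bugs.webkit.org/show_bug.cgi?id=200214
+
+        "Causes PLT5 regression on some machines" (Requested by mlam|a
+        on #webkit).
+
+        Reverted changeset:
+
+        "Add crash diagnostics for debugging unexpected zapped cells."
+        https://bugs.webkit.org/show_bug.cgi?id=200149
+        https://trac.webkit.org/changeset/247886
+
 2019-07-27  Justin Michaud  <justin_michaud@apple.com>
 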
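--- a/trunk/Source/JavaScriptCore/heap/FreeList.h
+++ b/trunk/Source/JavaScriptCore/heap/FreeList.h
@@ -1,4 +1,4 @@
 /*
- * Copyright (C) 2016-2019 Apple Inc. All rights reserved.
+ * Copyright (C) 2016-2017 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -54,7 +54,4 @@
     }
    
-    static ptrdiff_t offsetOfScrambledNext() { return OBJECT_OFFSETOF(FreeCell, scrambledNext); }
-
-    uint64_t preservedBitsForCrashAnalysis;
     uintptr_t scrambledNext;
 };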
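--- a/trunk/Source/JavaScriptCore/heap/HeapCell.h
+++ b/trunk/Source/JavaScriptCore/heap/HeapCell.h
@@ -1,4 +1,4 @@
 /*
- * Copyright (C) 2016-2019 Apple Inc. All rights reserved.
+ * Copyright (C) 2016-2018 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -48,15 +48,6 @@
     HeapCell() { }
    
-    // We're intentionally only zapping the bits for the structureID and leaving
-    // the rest of the cell header bits intact for crash analysis uses.
-    enum ZapReason : int8_t { Unspecified, Destruction, StopAllocating };
-    void zap(ZapReason reason)
-    {
-        uint32_t* cellWords = bitwise_cast<uint32_t*>(this);
-        cellWords[0] = 0;
-        // Leaving cellWords[1] alone for crash analysis if needed.
-        cellWords[2] = reason;
-    }
-    bool isZapped() const { return !*bitwise_cast<const uint32_t*>(this); }
+    void zap() { *reinterpret_cast_ptr<uintptr_t**>(this) = 0; }
+    bool isZapped() const { return !*reinterpret_cast_ptr<uintptr_t* const*>(this); }
 
     bool isLive();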
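Review bot: The restored `zap()` and `isZapped()` have no comment saying which bytes are cleared or what the liveness test relies on. `zap()` stores a pointer-sized zero at the start of the cell and `isZapped()` reads the same pointer-sized word, so on 64-bit targets the whole first header word is wiped, whereas the rolled-out version cleared only the 32-bit structureID word. Suggest adding above `zap()`: `// Clears the first pointer-sized word of the cell; isZapped() treats a zero first word as "already destroyed".` As a style point, `= nullptr` would state the intent more clearly than `= 0` for the pointer store.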
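--- a/trunk/Source/JavaScriptCore/heap/MarkedBlock.cpp
+++ b/trunk/Source/JavaScriptCore/heap/MarkedBlock.cpp
@@ -162,5 +162,5 @@
                 dataLog("Free cell: ", RawPointer(cell), "\n");
             if (m_attributes.destruction == NeedsDestruction)
-                cell->zap(HeapCell::StopAllocating);
+                cell->zap();
             block().clearNewlyAllocated(cell);
         });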
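--- a/trunk/Source/JavaScriptCore/heap/MarkedBlock.h
+++ b/trunk/Source/JavaScriptCore/heap/MarkedBlock.h
@@ -199,8 +199,4 @@
         void didRemoveFromDirectory();
        
-        void* start() const { return &m_block->atoms()[0]; }
-        void* end() const { return &m_block->atoms()[m_endAtom]; }
-        bool contains(void* p) const { return start() <= p && p < end(); }
-
         void dumpState(PrintStream&);
        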
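--- a/trunk/Source/JavaScriptCore/heap/MarkedBlockInlines.h
+++ b/trunk/Source/JavaScriptCore/heap/MarkedBlockInlines.h
@@ -1,4 +1,4 @@
 /*
- * Copyright (C) 2016-2019 Apple Inc. All rights reserved.
+ * Copyright (C) 2016-2018 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -259,5 +259,5 @@
         if (!jsCell->isZapped()) {
             destroyFunc(vm, jsCell);
-            jsCell->zap(HeapCell::Destruction);
+            jsCell->zap();
         }
     };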
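--- a/trunk/Source/JavaScriptCore/heap/MarkedSpace.h
+++ b/trunk/Source/JavaScriptCore/heap/MarkedSpace.h
@@ -125,5 +125,4 @@
     template<typename Functor> void forEachDeadCell(HeapIterationScope&, const Functor&);
     template<typename Functor> void forEachBlock(const Functor&);
-    template<typename Functor> void forEachSubspace(const Functor&);
 
     void shrink();
@@ -242,14 +241,4 @@
 }
 
-template<typename Functor>
-void MarkedSpace::forEachSubspace(const Functor& functor)
-{
-    for (auto subspace : m_subspaces) {
-        if (functor(*subspace) == IterationStatus::Done)
-            return;
-    }
-}
-
-
 ALWAYS_INLINE size_t MarkedSpace::optimalSizeFor(size_t bytes)
 {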
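--- a/trunk/Source/JavaScriptCore/heap/SlotVisitor.cpp
+++ b/trunk/Source/JavaScriptCore/heap/SlotVisitor.cpp
@@ -287,11 +287,6 @@
 {
     ASSERT(m_heap.isMarked(cell));
-#if CPU(X86_64)
-    if (UNLIKELY(cell->isZapped()))
-        reportZappedCellAndCrash(cell);
-#else
     ASSERT(!cell->isZapped());
-#endif
-
+   
     container.noteMarked();
    
@@ -391,15 +386,5 @@
         // FIXME: This could be so much better.
         // https://bugs.webkit.org/show_bug.cgi?id=162462
-#if CPU(X86_64)
-        Structure* structure = cell->structure(vm());
-        if (LIKELY(structure)) {
-            const MethodTable* methodTable = &structure->classInfo()->methodTable;
-            methodTable->visitChildren(const_cast<JSCell*>(cell), *this);
-            break;
-        }
-        reportZappedCellAndCrash(const_cast<JSCell*>(cell));
-#else
         cell->methodTable(vm())->visitChildren(const_cast<JSCell*>(cell), *this);
-#endif
         break;
     }
@@ -820,41 +805,3 @@
 }
 
-#if CPU(X86_64)
-NEVER_INLINE NO_RETURN_DUE_TO_CRASH NOT_TAIL_CALLED void SlotVisitor::reportZappedCellAndCrash(JSCell* cell)
-{
-    MarkedBlock::Handle* foundBlock = nullptr;
-    uint32_t* cellWords = reinterpret_cast_ptr<uint32_t*>(this);
-
-    uintptr_t cellAddress = bitwise_cast<uintptr_t>(cell);
-    uintptr_t headerWord = cellWords[1];
-    uintptr_t zapReason = cellWords[2];
-    unsigned subspaceHash = 0;
-    size_t cellSize = 0;
-
-    // FIXME: This iteration may crash because the mutator may race against us
-    // to add / remove blocks. That said, this should be rare and is not too
-    // detrimental to the purpose of this function. We will crash imminently
-    // anyway, and the most profitable crash info comes from the crash trace.
-    // If the race does not crash this iteration (which should be the common
-    // case), then we'll get additional info to debug the crash with. If the
-    // race does crash this iteration, then we still have the crash trace to
-    // work with.
-    // https://bugs.webkit.org/show_bug.cgi?id=200183
-    m_heap.objectSpace().forEachBlock([&] (MarkedBlock::Handle* block) {
-        if (block->contains(cell)) {
-            foundBlock = block;
-            return IterationStatus::Done;
-        }
-        return IterationStatus::Continue;
-    });
-
-    if (foundBlock) {
-        subspaceHash = StringHasher::computeHash(foundBlock->subspace()->name());
-        cellSize = foundBlock->cellSize();
-    }
-
-    CRASH_WITH_INFO(cellAddress, headerWord, zapReason, subspaceHash, cellSize);
-}
-#endif // CPU(X86_64)
-
 } // namespace JSC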
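Review bot: After this rollout the only zapped-cell check left in the first hunk is `ASSERT(!cell->isZapped());`, which is presumably compiled out of release builds, so marking a cell that was already destroyed is no longer caught there. The second hunk's `cell->methodTable(vm())->visitChildren(...)` would then run on a cell whose header word has been zeroed. The rollout message cites a performance regression rather than a problem with the check itself, so the gap is worth recording next to the assert, for example `// FIXME: Release-build zapped-cell diagnostics were rolled out in r247900 (PLT5 regression); see https://bugs.webkit.org/show_bug.cgi?id=200149.` Both enclosing functions start and end outside the hunks shown.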
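--- a/trunk/Source/JavaScriptCore/heap/SlotVisitor.h
+++ b/trunk/Source/JavaScriptCore/heap/SlotVisitor.h
@@ -226,8 +226,4 @@
     bool didReachTermination(const AbstractLocker&);
 
-#if CPU(X86_64)
-    NEVER_INLINE NO_RETURN_DUE_TO_CRASH NOT_TAIL_CALLED void reportZappedCellAndCrash(JSCell*);
-#endif
-
     template<typename Func>
     IterationStatus forEachMarkStack(const Func&);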
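--- a/trunk/Source/JavaScriptCore/jit/AssemblyHelpers.cpp
+++ b/trunk/Source/JavaScriptCore/jit/AssemblyHelpers.cpp
@@ -547,5 +547,5 @@
     // The object is half-allocated: we have what we know is a fresh object, but
     // it's still on the GC's free list.
-    loadPtr(Address(resultGPR, FreeCell::offsetOfScrambledNext()), scratchGPR);
+    loadPtr(Address(resultGPR), scratchGPR);
     storePtr(scratchGPR, Address(allocatorGPR, LocalAllocator::offsetOfFreeList() + FreeList::offsetOfScrambledHead()));
        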
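Review bot: `loadPtr(Address(resultGPR), scratchGPR)` hard-codes offset 0 for the free cell's next link, which is only correct while `scrambledNext` sits at the start of `FreeCell`. The FreeList.h part of this rollout appears to restore that layout, but nothing ties the emitted code to it, so a field later added ahead of `scrambledNext` would make this fast path store the wrong word into the free-list head. Suggest a guard next to the load, `static_assert(!OBJECT_OFFSETOF(FreeCell, scrambledNext), "JIT allocation fast path loads scrambledNext from offset 0");`, or at least a comment stating the assumption. The enclosing function starts and ends outside the hunk.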
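--- a/trunk/Source/JavaScriptCore/runtime/VM.cpp
+++ b/trunk/Source/JavaScriptCore/runtime/VM.cpp
@@ -266,27 +266,27 @@
     , webAssemblyFunctionHeapCellType(std::make_unique<WebAssemblyFunctionHeapCellType>())
 #endif
-    , primitiveGigacageAuxiliarySpace("Primitive Gigacage Auxiliary", heap, auxiliaryHeapCellType.get(), primitiveGigacageAllocator.get()) // Hash:0x3e7cd762
-    , jsValueGigacageAuxiliarySpace("JSValue Gigacage Auxiliary", heap, auxiliaryHeapCellType.get(), jsValueGigacageAllocator.get()) // Hash:0x241e946
-    , immutableButterflyJSValueGigacageAuxiliarySpace("ImmutableButterfly Gigacage JSCellWithInteriorPointers", heap, immutableButterflyHeapCellType.get(), jsValueGigacageAllocator.get()) // Hash:0x7a945300
-    , cellSpace("JSCell", heap, cellHeapCellType.get(), fastMallocAllocator.get()) // Hash:0xadfb5a79
-    , jsValueGigacageCellSpace("JSValue Gigacage JSCell", heap, cellHeapCellType.get(), jsValueGigacageAllocator.get()) // Hash:0x2f5b102b
-    , destructibleCellSpace("Destructible JSCell", heap, destructibleCellHeapCellType.get(), fastMallocAllocator.get()) // Hash:0xbfff3d73
-    , stringSpace("JSString", heap, stringHeapCellType.get(), fastMallocAllocator.get()) // Hash:0x90cf758f
-    , destructibleObjectSpace("JSDestructibleObject", heap, destructibleObjectHeapCellType.get(), fastMallocAllocator.get()) // Hash:0x4f5ed7a9
-    , eagerlySweptDestructibleObjectSpace("Eagerly Swept JSDestructibleObject", heap, destructibleObjectHeapCellType.get(), fastMallocAllocator.get()) // Hash:0x6ebf28e2
-    , executableToCodeBlockEdgeSpace ISO_SUBSPACE_INIT(heap, cellHeapCellType.get(), ExecutableToCodeBlockEdge) // Hash:0x7b730b20
-    , functionSpace ISO_SUBSPACE_INIT(heap, cellHeapCellType.get(), JSFunction) // Hash:0x800fca72
-    , internalFunctionSpace ISO_SUBSPACE_INIT(heap, destructibleObjectHeapCellType.get(), InternalFunction) // Hash:0xf845c464
-    , nativeExecutableSpace ISO_SUBSPACE_INIT(heap, destructibleCellHeapCellType.get(), NativeExecutable) // Hash:0x67567f95
-    , propertyTableSpace ISO_SUBSPACE_INIT(heap, destructibleCellHeapCellType.get(), PropertyTable) // Hash:0xc6bc9f12
-    , structureRareDataSpace ISO_SUBSPACE_INIT(heap, destructibleCellHeapCellType.get(), StructureRareData) // Hash:0xaca4e62d
-    , structureSpace ISO_SUBSPACE_INIT(heap, destructibleCellHeapCellType.get(), Structure) // Hash:0x1f1bcdca
-    , symbolTableSpace ISO_SUBSPACE_INIT(heap, destructibleCellHeapCellType.get(), SymbolTable) // Hash:0xc5215afd
+    , primitiveGigacageAuxiliarySpace("Primitive Gigacage Auxiliary", heap, auxiliaryHeapCellType.get(), primitiveGigacageAllocator.get())
+    , jsValueGigacageAuxiliarySpace("JSValue Gigacage Auxiliary", heap, auxiliaryHeapCellType.get(), jsValueGigacageAllocator.get())
+    , immutableButterflyJSValueGigacageAuxiliarySpace("ImmutableButterfly Gigacage JSCellWithInteriorPointers", heap, immutableButterflyHeapCellType.get(), jsValueGigacageAllocator.get())
+    , cellSpace("JSCell", heap, cellHeapCellType.get(), fastMallocAllocator.get())
+    , jsValueGigacageCellSpace("JSValue Gigacage JSCell", heap, cellHeapCellType.get(), jsValueGigacageAllocator.get())
+    , destructibleCellSpace("Destructible JSCell", heap, destructibleCellHeapCellType.get(), fastMallocAllocator.get())
+    , stringSpace("JSString", heap, stringHeapCellType.get(), fastMallocAllocator.get())
+    , destructibleObjectSpace("JSDestructibleObject", heap, destructibleObjectHeapCellType.get(), fastMallocAllocator.get())
+    , eagerlySweptDestructibleObjectSpace("Eagerly Swept JSDestructibleObject", heap, destructibleObjectHeapCellType.get(), fastMallocAllocator.get())
+    , executableToCodeBlockEdgeSpace ISO_SUBSPACE_INIT(heap, cellHeapCellType.get(), ExecutableToCodeBlockEdge)
+    , functionSpace ISO_SUBSPACE_INIT(heap, cellHeapCellType.get(), JSFunction)
+    , internalFunctionSpace ISO_SUBSPACE_INIT(heap, destructibleObjectHeapCellType.get(), InternalFunction)
+    , nativeExecutableSpace ISO_SUBSPACE_INIT(heap, destructibleCellHeapCellType.get(), NativeExecutable)
+    , propertyTableSpace ISO_SUBSPACE_INIT(heap, destructibleCellHeapCellType.get(), PropertyTable)
+    , structureRareDataSpace ISO_SUBSPACE_INIT(heap, destructibleCellHeapCellType.get(), StructureRareData)
+    , structureSpace ISO_SUBSPACE_INIT(heap, destructibleCellHeapCellType.get(), Structure)
+    , symbolTableSpace ISO_SUBSPACE_INIT(heap, destructibleCellHeapCellType.get(), SymbolTable)
     , executableToCodeBlockEdgesWithConstraints(executableToCodeBlockEdgeSpace)
     , executableToCodeBlockEdgesWithFinalizers(executableToCodeBlockEdgeSpace)
-    , codeBlockSpace ISO_SUBSPACE_INIT(heap, destructibleCellHeapCellType.get(), CodeBlock) // Hash:0x77e66ec9
-    , functionExecutableSpace ISO_SUBSPACE_INIT(heap, destructibleCellHeapCellType.get(), FunctionExecutable) // Hash:0x5d158f3
-    , programExecutableSpace ISO_SUBSPACE_INIT(heap, destructibleCellHeapCellType.get(), ProgramExecutable) // Hash:0x527c77e7
-    , unlinkedFunctionExecutableSpace ISO_SUBSPACE_INIT(heap, destructibleCellHeapCellType.get(), UnlinkedFunctionExecutable) // Hash:0xf6b828d9
+    , codeBlockSpace ISO_SUBSPACE_INIT(heap, destructibleCellHeapCellType.get(), CodeBlock)
+    , functionExecutableSpace ISO_SUBSPACE_INIT(heap, destructibleCellHeapCellType.get(), FunctionExecutable)
+    , programExecutableSpace ISO_SUBSPACE_INIT(heap, destructibleCellHeapCellType.get(), ProgramExecutable)
+    , unlinkedFunctionExecutableSpace ISO_SUBSPACE_INIT(heap, destructibleCellHeapCellType.get(), UnlinkedFunctionExecutable)
     , vmType(vmType)
     , clientData(0)
@@ -1244,20 +1244,20 @@
 
 
-DYNAMIC_ISO_SUBSPACE_DEFINE_MEMBER_SLOW(boundFunctionSpace, cellHeapCellType.get(), JSBoundFunction) // Hash:0xd7916d41
-DYNAMIC_ISO_SUBSPACE_DEFINE_MEMBER_SLOW(callbackFunctionSpace, destructibleObjectHeapCellType.get(), JSCallbackFunction) // Hash:0xe7648ebc
-DYNAMIC_ISO_SUBSPACE_DEFINE_MEMBER_SLOW(customGetterSetterFunctionSpace, cellHeapCellType.get(), JSCustomGetterSetterFunction) // Hash:0x18091000
-DYNAMIC_ISO_SUBSPACE_DEFINE_MEMBER_SLOW(errorInstanceSpace, destructibleObjectHeapCellType.get(), ErrorInstance) // Hash:0x3f40d4a
-DYNAMIC_ISO_SUBSPACE_DEFINE_MEMBER_SLOW(nativeStdFunctionSpace, cellHeapCellType.get(), JSNativeStdFunction) // Hash:0x70ed61e4
-DYNAMIC_ISO_SUBSPACE_DEFINE_MEMBER_SLOW(proxyRevokeSpace, destructibleObjectHeapCellType.get(), ProxyRevoke) // Hash:0xb506a939
-DYNAMIC_ISO_SUBSPACE_DEFINE_MEMBER_SLOW(weakMapSpace, destructibleObjectHeapCellType.get(), JSWeakMap) // Hash:0x662b12a3
-DYNAMIC_ISO_SUBSPACE_DEFINE_MEMBER_SLOW(weakSetSpace, destructibleObjectHeapCellType.get(), JSWeakSet) // Hash:0x4c781b30
-DYNAMIC_ISO_SUBSPACE_DEFINE_MEMBER_SLOW(weakObjectRefSpace, cellHeapCellType.get(), JSWeakObjectRef) // Hash:0x8ec68f1f
+DYNAMIC_ISO_SUBSPACE_DEFINE_MEMBER_SLOW(boundFunctionSpace, cellHeapCellType.get(), JSBoundFunction)
+DYNAMIC_ISO_SUBSPACE_DEFINE_MEMBER_SLOW(callbackFunctionSpace, destructibleObjectHeapCellType.get(), JSCallbackFunction)
+DYNAMIC_ISO_SUBSPACE_DEFINE_MEMBER_SLOW(customGetterSetterFunctionSpace, cellHeapCellType.get(), JSCustomGetterSetterFunction)
+DYNAMIC_ISO_SUBSPACE_DEFINE_MEMBER_SLOW(errorInstanceSpace, destructibleObjectHeapCellType.get(), ErrorInstance)
+DYNAMIC_ISO_SUBSPACE_DEFINE_MEMBER_SLOW(nativeStdFunctionSpace, cellHeapCellType.get(), JSNativeStdFunction)
+DYNAMIC_ISO_SUBSPACE_DEFINE_MEMBER_SLOW(proxyRevokeSpace, destructibleObjectHeapCellType.get(), ProxyRevoke)
+DYNAMIC_ISO_SUBSPACE_DEFINE_MEMBER_SLOW(weakMapSpace, destructibleObjectHeapCellType.get(), JSWeakMap)
+DYNAMIC_ISO_SUBSPACE_DEFINE_MEMBER_SLOW(weakSetSpace, destructibleObjectHeapCellType.get(), JSWeakSet)
+DYNAMIC_ISO_SUBSPACE_DEFINE_MEMBER_SLOW(weakObjectRefSpace, cellHeapCellType.get(), JSWeakObjectRef)
 #if JSC_OBJC_API_ENABLED
-DYNAMIC_ISO_SUBSPACE_DEFINE_MEMBER_SLOW(objCCallbackFunctionSpace, destructibleObjectHeapCellType.get(), ObjCCallbackFunction) // Hash:0x10f610b8
+DYNAMIC_ISO_SUBSPACE_DEFINE_MEMBER_SLOW(objCCallbackFunctionSpace, destructibleObjectHeapCellType.get(), ObjCCallbackFunction)
 #endif
 #if ENABLE(WEBASSEMBLY)
-DYNAMIC_ISO_SUBSPACE_DEFINE_MEMBER_SLOW(webAssemblyCodeBlockSpace, webAssemblyCodeBlockHeapCellType.get(), JSWebAssemblyCodeBlock) // Hash:0x9ad995cd
-DYNAMIC_ISO_SUBSPACE_DEFINE_MEMBER_SLOW(webAssemblyFunctionSpace, webAssemblyFunctionHeapCellType.get(), WebAssemblyFunction) // Hash:0x8b7c32db
-DYNAMIC_ISO_SUBSPACE_DEFINE_MEMBER_SLOW(webAssemblyWrapperFunctionSpace, cellHeapCellType.get(), WebAssemblyWrapperFunction) // Hash:0xd4a5ff01
+DYNAMIC_ISO_SUBSPACE_DEFINE_MEMBER_SLOW(webAssemblyCodeBlockSpace, webAssemblyCodeBlockHeapCellType.get(), JSWebAssemblyCodeBlock)
+DYNAMIC_ISO_SUBSPACE_DEFINE_MEMBER_SLOW(webAssemblyFunctionSpace, webAssemblyFunctionHeapCellType.get(), WebAssemblyFunction)
+DYNAMIC_ISO_SUBSPACE_DEFINE_MEMBER_SLOW(webAssemblyWrapperFunctionSpace, cellHeapCellType.get(), WebAssemblyWrapperFunction)
 #endif
 
@@ -1274,6 +1274,6 @@
     }
 
-DYNAMIC_SPACE_AND_SET_DEFINE_MEMBER_SLOW(evalExecutableSpace, destructibleCellHeapCellType.get(), EvalExecutable) // Hash:0x958e3e9d
-DYNAMIC_SPACE_AND_SET_DEFINE_MEMBER_SLOW(moduleProgramExecutableSpace, destructibleCellHeapCellType.get(), ModuleProgramExecutable) // Hash:0x6506fa3c
+DYNAMIC_SPACE_AND_SET_DEFINE_MEMBER_SLOW(evalExecutableSpace, destructibleCellHeapCellType.get(), EvalExecutable)
+DYNAMIC_SPACE_AND_SET_DEFINE_MEMBER_SLOW(moduleProgramExecutableSpace, destructibleCellHeapCellType.get(), ModuleProgramExecutable)
 
 #undef DYNAMIC_SPACE_AND_SET_DEFINE_MEMBER_SLOW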
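--- a/trunk/Source/JavaScriptCore/tools/JSDollarVM.cpp
+++ b/trunk/Source/JavaScriptCore/tools/JSDollarVM.cpp
@@ -1,4 +1,4 @@
 /*
- * Copyright (C) 2015-2019 Apple Inc. All rights reserved.
+ * Copyright (C) 2015-2018 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -1394,13 +1394,4 @@
 }
 
-// Dumps the hashes of all subspaces currently registered with the VM.
-// Usage: $vm.dumpSubspaceHashes()
-static EncodedJSValue JSC_HOST_CALL functionDumpSubspaceHashes(ExecState* exec)
-{
-    VM& vm = exec->vm();
-    VMInspector::dumpSubspaceHashes(&vm);
-    return JSValue::encode(jsUndefined());
-}
-
 // Gets a JSDollarVMCallFrame for a specified frame index.
 // Usage: var callFrame = $vm.callFrame(0) // frame 0 is the top frame.
@@ -2229,5 +2220,4 @@
     addFunction(vm, "gc", functionGC, 0);
     addFunction(vm, "edenGC", functionEdenGC, 0);
-    addFunction(vm, "dumpSubspaceHashes", functionDumpSubspaceHashes, 0);
 
     addFunction(vm, "callFrame", functionCallFrame, 1);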
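--- a/trunk/Source/JavaScriptCore/tools/VMInspector.cpp
+++ b/trunk/Source/JavaScriptCore/tools/VMInspector.cpp
@@ -1,4 +1,4 @@
 /*
- * Copyright (C) 2017-2019 Apple Inc. All rights reserved.
+ * Copyright (C) 2017-2018 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -627,16 +627,3 @@
 }
 
-void VMInspector::dumpSubspaceHashes(VM* vm)
-{
-    unsigned count = 0;
-    vm->heap.objectSpace().forEachSubspace([&] (const Subspace& subspace) -> IterationStatus {
-        const char* name = subspace.name();
-        unsigned hash = StringHasher::computeHash(name);
-        void* hashAsPtr = reinterpret_cast<void*>(static_cast<uintptr_t>(hash));
-        dataLogLn("    [", count++, "] ", name, " Hash:", RawPointer(hashAsPtr));
-        return IterationStatus::Continue;
-    });
-    dataLogLn();
-}
-
 } // namespace JSC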
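--- a/trunk/Source/JavaScriptCore/tools/VMInspector.h
+++ b/trunk/Source/JavaScriptCore/tools/VMInspector.h
@@ -1,4 +1,4 @@
 /*
- * Copyright (C) 2017-2019 Apple Inc. All rights reserved.
+ * Copyright (C) 2017-2018 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -79,5 +79,4 @@
     JS_EXPORT_PRIVATE static void dumpCellMemory(JSCell*);
     JS_EXPORT_PRIVATE static void dumpCellMemoryToStream(JSCell*, PrintStream&);
-    JS_EXPORT_PRIVATE static void dumpSubspaceHashes(VM*);
 
 private: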
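--- a/trunk/Source/WebCore/ChangeLog
+++ b/trunk/Source/WebCore/ChangeLog
@@ -1,2 +1,16 @@
+2019-07-28  Commit Queue  <commit-queue@webkit.org>
+
+        Unreviewed, rolling out r247886.
+        https://bugs.webkit.org/show_bug.cgi?id=200214
+
+        "Causes PLT5 regression on some machines" (Requested by mlam|a
+        on #webkit).
+
+        Reverted changeset:
+
+        "Add crash diagnostics for debugging unexpected zapped cells."
+        https://bugs.webkit.org/show_bug.cgi?id=200149
+        https://trac.webkit.org/changeset/247886
+
 2019-07-28  Tim Horton  <timothy_horton@apple.com>
 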
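--- a/trunk/Source/WebCore/bindings/js/WebCoreJSClientData.cpp
+++ b/trunk/Source/WebCore/bindings/js/WebCoreJSClientData.cpp
@@ -44,7 +44,7 @@
     : m_builtinFunctions(vm)
     , m_builtinNames(&vm)
-    , m_runtimeMethodSpace ISO_SUBSPACE_INIT(vm.heap, vm.destructibleObjectHeapCellType.get(), RuntimeMethod) // Hash:0xf70c4a85
-    , m_outputConstraintSpace("WebCore Wrapper w/ Output Constraint", vm.heap, vm.destructibleObjectHeapCellType.get(), vm.fastMallocAllocator.get()) // Hash:0x7724c2e4
-    , m_globalObjectOutputConstraintSpace("WebCore Global Object w/ Output Constraint", vm.heap, vm.cellHeapCellType.get(), vm.fastMallocAllocator.get()) // Hash:0x522d6ec9
+    , m_runtimeMethodSpace ISO_SUBSPACE_INIT(vm.heap, vm.destructibleObjectHeapCellType.get(), RuntimeMethod)
+    , m_outputConstraintSpace("WebCore Wrapper w/ Output Constraint", vm.heap, vm.destructibleObjectHeapCellType.get(), vm.fastMallocAllocator.get())
+    , m_globalObjectOutputConstraintSpace("WebCore Global Object w/ Output Constraint", vm.heap, vm.cellHeapCellType.get(), vm.fastMallocAllocator.get())
 {
 }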