Changeset 96372 in webkit

Timestamp:

Sep 29, 2011 3:52:45 PM (13 years ago)

Author:

oliver@apple.com

Message:

Add logic to collect dirty objects as roots
​https://bugs.webkit.org/show_bug.cgi?id=69100

Reviewed by Geoff Garen.

This gives us the ability to walk all the MarkedBlocks in an
AllocationSpace and collect the dirty objects, and then use
them as GC roots.

• dfg/DFGJITCodeGenerator.cpp:

(JSC::DFG::JITCodeGenerator::markCellCard):

• dfg/DFGJITCodeGenerator32_64.cpp:

(JSC::DFG::JITCodeGenerator::markCellCard):

• heap/AllocationSpace.cpp:

Tidy up the write barrier logic a bit

(JSC::MarkedBlock::gatherDirtyObjects):
(JSC::TakeIfDirty::returnValue):
(JSC::TakeIfDirty::TakeIfDirty):
(JSC::TakeIfDirty::operator()):
(JSC::AllocationSpace::gatherDirtyObjects):

• heap/AllocationSpace.h:
• heap/CardSet.h:

(JSC::::isCardMarked):
(JSC::::clearCard):

• heap/Heap.cpp:

(JSC::Heap::markRoots):

• heap/Heap.h:

(JSC::Heap::writeBarrier):

• heap/MarkStack.cpp:

(JSC::SlotVisitor::visitChildren):

• heap/MarkedBlock.h:

(JSC::MarkedBlock::setDirtyObject):
(JSC::MarkedBlock::addressOfCardFor):

• heap/SlotVisitor.h:
• jit/JITPropertyAccess.cpp:

(JSC::JIT::emitWriteBarrier):

Tidy the write barrier a bit

Location:

trunk/Source/JavaScriptCore

Files:

• ChangeLog (modified) (1 diff)
• dfg/DFGJITCodeGenerator.cpp (modified) (1 diff)
• dfg/DFGJITCodeGenerator32_64.cpp (modified) (1 diff)
• heap/AllocationSpace.cpp (modified) (1 diff)
• heap/AllocationSpace.h (modified) (1 diff)
• heap/CardSet.h (modified) (3 diffs)
• heap/Heap.cpp (modified) (1 diff)
• heap/Heap.h (modified) (1 diff)
• heap/HeapRootVisitor.h (modified) (2 diffs)
• heap/MarkStack.cpp (modified) (1 diff)
• heap/MarkedBlock.h (modified) (6 diffs)
• heap/SlotVisitor.h (modified) (1 diff)
• jit/JITPropertyAccess.cpp (modified) (1 diff)

trunk/Source/JavaScriptCore/ChangeLog

@@ +1 @@
+2011-09-29  Oliver Hunt  <oliver@apple.com>
+
+        Add logic to collect dirty objects as roots
+        https://bugs.webkit.org/show_bug.cgi?id=69100
+
+        Reviewed by Geoff Garen.
+
+        This gives us the ability to walk all the MarkedBlocks in an
+        AllocationSpace and collect the dirty objects, and then use
+        them as GC roots.
+        
+        I also rearranged the order of these instructions because it
+        makes them smaller on some platforms with some card sizes.
+
+        * dfg/DFGJITCodeGenerator.cpp:
+        (JSC::DFG::JITCodeGenerator::markCellCard):
+        * dfg/DFGJITCodeGenerator32_64.cpp:
+        (JSC::DFG::JITCodeGenerator::markCellCard):
+        * heap/AllocationSpace.cpp:
+           Tidy up the write barrier logic a bit.
+        (JSC::MarkedBlock::gatherDirtyObjects):
+        (JSC::TakeIfDirty::returnValue):
+        (JSC::TakeIfDirty::TakeIfDirty):
+        (JSC::TakeIfDirty::operator()):
+        (JSC::AllocationSpace::gatherDirtyObjects):
+        * heap/AllocationSpace.h:
+        * heap/CardSet.h:
+        (JSC::::isCardMarked):
+        (JSC::::clearCard):
+        * heap/Heap.cpp:
+        (JSC::Heap::markRoots):
+        * heap/Heap.h:
+        (JSC::Heap::writeBarrier):
+        * heap/MarkStack.cpp:
+        (JSC::SlotVisitor::visitChildren):
+        * heap/MarkedBlock.h:
+        (JSC::MarkedBlock::setDirtyObject):
+        (JSC::MarkedBlock::addressOfCardFor):
+        * heap/SlotVisitor.h:
+        * jit/JITPropertyAccess.cpp:
+        (JSC::JIT::emitWriteBarrier):
+           Tidy the write barrier a bit.
+
 2011-09-29  Gavin Barraclough  <barraclough@apple.com>
 

trunk/Source/JavaScriptCore/dfg/DFGJITCodeGenerator.cpp

@@ -1206 +1206 @@
     jit.andPtr(TrustedImm32(static_cast<int32_t>(MarkedBlock::blockMask)), scratch1);
     jit.move(owner, scratch2);
-    jit.andPtr(TrustedImm32(static_cast<int32_t>(~MarkedBlock::blockMask)), scratch2);
-    jit.rshift32(TrustedImm32(MarkedBlock::log2CardSize), scratch2);
+    jit.rshift32(TrustedImm32(MarkedBlock::cardShift), scratch2);
+    jit.andPtr(TrustedImm32(MarkedBlock::cardMask), scratch2);
     jit.store8(TrustedImm32(1), MacroAssembler::BaseIndex(scratch1, scratch2, MacroAssembler::TimesOne, MarkedBlock::offsetOfCards()));
 #endif

trunk/Source/JavaScriptCore/dfg/DFGJITCodeGenerator32_64.cpp

@@ -1256 +1256 @@
     jit.andPtr(TrustedImm32(static_cast<int32_t>(MarkedBlock::blockMask)), scratch1);
     jit.move(owner, scratch2);
-    jit.andPtr(TrustedImm32(static_cast<int32_t>(~MarkedBlock::blockMask)), scratch2);
-    jit.rshift32(TrustedImm32(MarkedBlock::log2CardSize), scratch2);
+    jit.rshift32(TrustedImm32(MarkedBlock::cardShift), scratch2);
+    jit.andPtr(TrustedImm32(MarkedBlock::cardMask), scratch2);
     jit.store8(TrustedImm32(1), MacroAssembler::BaseIndex(scratch1, scratch2, MacroAssembler::TimesOne, MarkedBlock::offsetOfCards()));
 #endif

trunk/Source/JavaScriptCore/heap/AllocationSpace.cpp

@@ -163 +163 @@
 }
 
+#if ENABLE(GGC)
+class GatherDirtyCells {
+    WTF_MAKE_NONCOPYABLE(GatherDirtyCells);
+public:
+    typedef void* ReturnType;
+    
+    explicit GatherDirtyCells(MarkedBlock::DirtyCellVector*);
+    void operator()(MarkedBlock*);
+    ReturnType returnValue() { return 0; }
+    
+private:
+    MarkedBlock::DirtyCellVector* m_dirtyCells;
+};
+
+inline GatherDirtyCells::GatherDirtyCells(MarkedBlock::DirtyCellVector* dirtyCells)
+    : m_dirtyCells(dirtyCells)
+{
 }
+
+inline void GatherDirtyCells::operator()(MarkedBlock* block)
+{
+    block->gatherDirtyCells(*m_dirtyCells);
+}
+
+void AllocationSpace::gatherDirtyCells(MarkedBlock::DirtyCellVector& dirtyCells)
+{
+    GatherDirtyCells gatherDirtyCells(&dirtyCells);
+    forEachBlock(gatherDirtyCells);
+}
+#endif
+
+}

trunk/Source/JavaScriptCore/heap/AllocationSpace.h

@@ -51 +51 @@
     void setHighWaterMark(size_t bytes) { m_markedSpace.setHighWaterMark(bytes); }
     size_t highWaterMark() { return m_markedSpace.highWaterMark(); }
-    
+
+    void gatherDirtyCells(MarkedBlock::DirtyCellVector&);
+
     template<typename Functor> typename Functor::ReturnType forEachCell(Functor&);
     template<typename Functor> typename Functor::ReturnType forEachCell();

trunk/Source/JavaScriptCore/heap/CardSet.h

@@ -35 +35 @@
 template <size_t cardSize, size_t blockSize> class CardSet {
     WTF_MAKE_NONCOPYABLE(CardSet);
+
+public:
     static const size_t cardCount = (blockSize + cardSize - 1) / cardSize;
 
-public:
     CardSet()
     {
@@ -46 +47 @@
     void markCardForAtom(const void*);
     uint8_t& cardForAtom(const void*);
+    bool isCardMarked(size_t);
+    void clearCard(size_t);
 
 private:
@@ -70 +73 @@
 }
 
+template <size_t cardSize, size_t blockSize> bool CardSet<cardSize, blockSize>::isCardMarked(size_t i)
+{
+    ASSERT(i < cardCount);
+    return m_cards[i];
+}
+
+template <size_t cardSize, size_t blockSize> void CardSet<cardSize, blockSize>::clearCard(size_t i)
+{
+    ASSERT(i < cardCount);
+    m_cards[i] = 0;
+}
+
 }
 

trunk/Source/JavaScriptCore/heap/Heap.cpp

@@ -472 +472 @@
     registerFile().gatherConservativeRoots(registerFileRoots, m_jettisonedCodeBlocks);
     m_jettisonedCodeBlocks.deleteUnmarkedCodeBlocks();
-
-    clearMarks();
+#if ENABLE(GGC)
+    MarkedBlock::DirtyCellVector dirtyCells;
+    // Until we have a sensible policy we just random choose to perform
+    // young generation collections 90% of the time.
+    if (WTF::randomNumber() > 0.1)
+        m_objectSpace.gatherDirtyCells(dirtyCells);
+    else
+#endif
+        clearMarks();
+
 
     SlotVisitor& visitor = m_slotVisitor;
     HeapRootVisitor heapRootVisitor(visitor);
-    
+
+#if ENABLE(GGC)
+    for (size_t i = 0; i < dirtyObjectCount; i++) {
+        heapRootVisitor.visitChildren(dirtyCells[i]);
+        visitor.drain();
+    }
+#endif
+
     visitor.append(machineThreadRoots);
     visitor.drain();

trunk/Source/JavaScriptCore/heap/Heap.h

@@ -241 +241 @@
     {
         WriteBarrierCounters::countWriteBarrier();
-        MarkedBlock::blockFor(owner)->setDirtyObject(owner);
+        MarkedBlock* block = MarkedBlock::blockFor(owner);
+        if (block->isMarked(owner))
+            block->setDirtyObject(owner);
     }
 

trunk/Source/JavaScriptCore/heap/HeapRootVisitor.h

@@ -44 +44 @@
         void visit(JSString**);
         void visit(JSCell**);
-        
+        void visitChildren(JSCell*);
+
         SlotVisitor& visitor();
 
@@ -76 +77 @@
     }
 
+    inline void HeapRootVisitor::visitChildren(JSCell* cell)
+    {
+        m_visitor.visitChildren(cell);
+    }
+
     inline SlotVisitor& HeapRootVisitor::visitor()
     {

trunk/Source/JavaScriptCore/heap/MarkStack.cpp

@@ -52 +52 @@
 }
 
-inline void SlotVisitor::visitChildren(JSCell* cell)
+void SlotVisitor::visitChildren(JSCell* cell)
 {
 #if ENABLE(SIMPLE_HEAP_PROFILING)

trunk/Source/JavaScriptCore/heap/MarkedBlock.h

@@ -30 +30 @@
 #include <wtf/PageAllocationAligned.h>
 #include <wtf/StdLibExtras.h>
+#include <wtf/Vector.h>
 
 // Set to log state transitions of blocks.
@@ -73 +74 @@
 
         static const size_t atomsPerBlock = blockSize / atomSize; // ~0.4% overhead
-        static const size_t bytesPerCard = 512; // 1.6% overhead
-        static const int log2CardSize = 9;
+        static const int cardShift = 10; // This is log2 of bytes per card.
+        static const size_t bytesPerCard = 1 << cardShift;
+        static const int cardCount = blockSize / bytesPerCard;
+        static const int cardMask = cardCount - 1;
 
         struct FreeCell {
@@ -124 +127 @@
         void setDirtyObject(const void* atom)
         {
+            ASSERT(MarkedBlock::blockFor(atom) == this);
             m_cards.markCardForAtom(atom);
         }
@@ -129 +133 @@
         uint8_t* addressOfCardFor(const void* atom)
         {
+            ASSERT(MarkedBlock::blockFor(atom) == this);
             return &m_cards.cardForAtom(atom);
         }
@@ -136 +141 @@
             return OBJECT_OFFSETOF(MarkedBlock, m_cards);
         }
+
+        typedef Vector<JSCell*, 32> DirtyCellVector;
+        inline void gatherDirtyCells(DirtyCellVector&);
 #endif
 
@@ -301 +309 @@
     }
 
+#if ENABLE(GGC)
+void MarkedBlock::gatherDirtyCells(DirtyCellVector& dirtyCells)
+{
+    COMPILE_ASSERT(m_cards.cardCount == cardCount, MarkedBlockCardCountsMatch);
+
+    ASSERT(m_state != New && m_state != FreeListed);
+    
+    // This is an optimisation to avoid having to walk the set of marked
+    // blocks twice during GC.
+    m_state = Marked;
+    
+    if (markCountIsZero())
+        return;
+    
+    size_t cellSize = this->cellSize();
+    const size_t firstCellOffset = firstAtom() * atomSize % cellSize;
+    
+    for (size_t i = 0; i < m_cards.cardCount; i++) {
+        if (!m_cards.isCardMarked(i))
+            continue;
+        char* ptr = reinterpret_cast<char*>(this);
+        if (i)
+            ptr += firstCellOffset + cellSize * ((i * bytesPerCard + cellSize - 1 - firstCellOffset) / cellSize);
+        else
+            ptr += firstAtom() * atomSize;
+        char* end = reinterpret_cast<char*>(this) + std::min((i + 1) * bytesPerCard, m_endAtom * atomSize);
+        
+        while (ptr < end) {
+            JSCell* cell = reinterpret_cast<JSCell*>(ptr);
+            ASSERT(*addressOfCardFor(cell));
+            if (isMarked(cell))
+                dirtyCells.append(cell);
+            ptr += cellSize;
+        }
+        m_cards.clearCard(i);
+    }
+}
+#endif
+
 } // namespace JSC
 

trunk/Source/JavaScriptCore/heap/SlotVisitor.h

@@ -32 +32 @@
 
 class SlotVisitor : public MarkStack {
+    friend class HeapRootVisitor;
 public:
     SlotVisitor(void* jsArrayVPtr);

trunk/Source/JavaScriptCore/jit/JITPropertyAccess.cpp

@@ -1045 +1045 @@
     andPtr(TrustedImm32(static_cast<int32_t>(MarkedBlock::blockMask)), scratch);
     move(owner, scratch2);
-    andPtr(TrustedImm32(static_cast<int32_t>(~MarkedBlock::blockMask)), scratch2);
-    rshift32(TrustedImm32(MarkedBlock::log2CardSize), scratch2);
+    rshift32(TrustedImm32(MarkedBlock::cardShift), scratch2);
+    andPtr(TrustedImm32(MarkedBlock::cardMask), scratch2);
     store8(TrustedImm32(1), BaseIndex(scratch, scratch2, TimesOne, MarkedBlock::offsetOfCards()));
     if (mode == ShouldFilterImmediates)