JavaScriptCore

carlosgc Mon, 05 May 2014 00:46:24 -0700

Title: [168261] releases/WebKitGTK/webkit-2.4/Source/_javascript_Core

Revision: 168261
Author: carlo...@webkit.org
Date: 2014-05-05 00:45:46 -0700 (Mon, 05 May 2014)

Log Message

Unreviewed. Revert r159826 - "Finally fix some obvious Bartlett bugs"


This reverts r159826.

Modified Paths

releases/WebKitGTK/webkit-2.4/Source/_javascript_Core/ChangeLog
releases/WebKitGTK/webkit-2.4/Source/_javascript_Core/dfg/DFGJITCompiler.h
releases/WebKitGTK/webkit-2.4/Source/_javascript_Core/dfg/DFGOSREntry.cpp
releases/WebKitGTK/webkit-2.4/Source/_javascript_Core/dfg/DFGOSREntry.h
releases/WebKitGTK/webkit-2.4/Source/_javascript_Core/heap/Heap.cpp
releases/WebKitGTK/webkit-2.4/Source/_javascript_Core/interpreter/JSStack.cpp
releases/WebKitGTK/webkit-2.4/Source/_javascript_Core/interpreter/JSStack.h

Diff

Modified: releases/WebKitGTK/webkit-2.4/Source/_javascript_Core/ChangeLog (168260 => 168261)


--- releases/WebKitGTK/webkit-2.4/Source/_javascript_Core/ChangeLog	2014-05-05 07:37:35 UTC (rev 168260)
+++ releases/WebKitGTK/webkit-2.4/Source/_javascript_Core/ChangeLog	2014-05-05 07:45:46 UTC (rev 168261)
@@ -7880,44 +7880,6 @@
         (JSC::SymbolTable::SymbolTable):
         * runtime/SymbolTable.h:
 
-2013-11-27  Filip Pizlo  <fpi...@apple.com>
-
-        Finally fix some obvious Bartlett bugs
-        https://bugs.webkit.org/show_bug.cgi?id=124951
-
-        Reviewed by Mark Hahnenberg.
-        
-        Sanitize the stack (i.e. zero parts of it known to be dead) at three key points:
-        
-        - GC.
-        
-        - At beginning of OSR entry.
-        
-        - Just as we finish preparing OSR entry. This clears those slots on the stack that
-          could have been live in baseline but that are known to be dead in DFG.
-        
-        This is as much as a 2x speed-up on splay if you run it in certain modes, and run it
-        for a long enough interval. It appears to fix all instances of the dreaded exponential
-        heap growth that splay gets into when some stale pointer stays around.
-        
-        This doesn't have much of an effect on real-world programs. This bug has only ever
-        manifested in splay and for that reason we thus far opted against fixing it. But splay
-        is, for what it's worth, the premiere GC stress test in _javascript_ - so making sure we
-        can run it without pathologies - even when you tweak its configuration - is probably
-        fairly important.
-
-        * dfg/DFGJITCompiler.h:
-        (JSC::DFG::JITCompiler::noticeOSREntry):
-        * dfg/DFGOSREntry.cpp:
-        (JSC::DFG::prepareOSREntry):
-        * dfg/DFGOSREntry.h:
-        * heap/Heap.cpp:
-        (JSC::Heap::markRoots):
-        * interpreter/JSStack.cpp:
-        (JSC::JSStack::JSStack):
-        (JSC::JSStack::sanitizeStack):
-        * interpreter/JSStack.h:
-
 2013-11-26  Filip Pizlo  <fpi...@apple.com>
 
         Do bytecode validation as part of testing

Modified: releases/WebKitGTK/webkit-2.4/Source/_javascript_Core/dfg/DFGJITCompiler.h (168260 => 168261)


--- releases/WebKitGTK/webkit-2.4/Source/_javascript_Core/dfg/DFGJITCompiler.h	2014-05-05 07:37:35 UTC (rev 168260)
+++ releases/WebKitGTK/webkit-2.4/Source/_javascript_Core/dfg/DFGJITCompiler.h	2014-05-05 07:45:46 UTC (rev 168261)
@@ -270,8 +270,6 @@
                 entry->m_expectedValues.local(local).makeHeapTop();
             else {
                 VariableAccessData* variable = node->variableAccessData();
-                entry->m_machineStackUsed.set(variable->machineLocal().toLocal());
-                
                 switch (variable->flushFormat()) {
                 case FlushedDouble:
                     entry->m_localsForcedDouble.set(local);

Modified: releases/WebKitGTK/webkit-2.4/Source/_javascript_Core/dfg/DFGOSREntry.cpp (168260 => 168261)


--- releases/WebKitGTK/webkit-2.4/Source/_javascript_Core/dfg/DFGOSREntry.cpp	2014-05-05 07:37:35 UTC (rev 168260)
+++ releases/WebKitGTK/webkit-2.4/Source/_javascript_Core/dfg/DFGOSREntry.cpp	2014-05-05 07:45:46 UTC (rev 168261)
@@ -52,9 +52,6 @@
     }
     
     VM* vm = &exec->vm();
-    
-    vm->interpreter->stack().sanitizeStack();
-    
     if (codeBlock->jitType() != JITCode::DFGJIT) {
         RELEASE_ASSERT(codeBlock->jitType() == JITCode::FTLJIT);
         
@@ -184,8 +181,7 @@
     //    it seems silly: you'd be diverting the program to error handling when it
     //    would have otherwise just kept running albeit less quickly.
     
-    unsigned frameSize = jitCode->common.requiredRegisterCountForExecutionAndExit();
-    if (!vm->interpreter->stack().grow(&exec->registers()[virtualRegisterForLocal(frameSize).offset()])) {
+    if (!vm->interpreter->stack().grow(&exec->registers()[virtualRegisterForLocal(jitCode->common.requiredRegisterCountForExecutionAndExit()).offset()])) {
         if (Options::verboseOSR())
             dataLogF("    OSR failed because stack growth failed.\n");
         return 0;
@@ -211,20 +207,11 @@
     for (unsigned i = entry->m_reshufflings.size(); i--;)
         registers[entry->m_reshufflings[i].toOffset] = temporaryLocals[i];
     
-    // 5) Clear those parts of the call frame that the DFG ain't using. This helps GC on some
-    //    programs by eliminating some stale pointer pathologies.
+    // 5) Fix the call frame.
     
-    for (unsigned i = frameSize; i--;) {
-        if (entry->m_machineStackUsed.get(i))
-            continue;
-        registers[virtualRegisterForLocal(i).offset()] = JSValue::encode(JSValue());
-    }
-    
-    // 6) Fix the call frame.
-    
     exec->setCodeBlock(codeBlock);
     
-    // 7) Find and return the destination machine code address.
+    // 6) Find and return the destination machine code address.
     
     void* result = codeBlock->jitCode()->executableAddressAtOffset(entry->m_machineCodeOffset);

Modified: releases/WebKitGTK/webkit-2.4/Source/_javascript_Core/dfg/DFGOSREntry.h (168260 => 168261)


--- releases/WebKitGTK/webkit-2.4/Source/_javascript_Core/dfg/DFGOSREntry.h	2014-05-05 07:37:35 UTC (rev 168260)
+++ releases/WebKitGTK/webkit-2.4/Source/_javascript_Core/dfg/DFGOSREntry.h	2014-05-05 07:45:46 UTC (rev 168261)
@@ -59,7 +59,6 @@
     BitVector m_localsForcedDouble;
     BitVector m_localsForcedMachineInt;
     Vector<OSREntryReshuffling> m_reshufflings;
-    BitVector m_machineStackUsed;
 };
 
 inline unsigned getOSREntryDataBytecodeIndex(OSREntryData* osrEntryData)

Modified: releases/WebKitGTK/webkit-2.4/Source/_javascript_Core/heap/Heap.cpp (168260 => 168261)


--- releases/WebKitGTK/webkit-2.4/Source/_javascript_Core/heap/Heap.cpp	2014-05-05 07:37:35 UTC (rev 168260)
+++ releases/WebKitGTK/webkit-2.4/Source/_javascript_Core/heap/Heap.cpp	2014-05-05 07:45:46 UTC (rev 168261)
@@ -467,7 +467,6 @@
     {
         GCPHASE(GatherStackRoots);
         stack().gatherConservativeRoots(stackRoots, m_jitStubRoutines, m_codeBlocks);
-        stack().sanitizeStack();
     }
 
 #if ENABLE(DFG_JIT)

Modified: releases/WebKitGTK/webkit-2.4/Source/_javascript_Core/interpreter/JSStack.cpp (168260 => 168261)


--- releases/WebKitGTK/webkit-2.4/Source/_javascript_Core/interpreter/JSStack.cpp	2014-05-05 07:37:35 UTC (rev 168260)
+++ releases/WebKitGTK/webkit-2.4/Source/_javascript_Core/interpreter/JSStack.cpp	2014-05-05 07:45:46 UTC (rev 168261)
@@ -52,8 +52,6 @@
     m_reservation = PageReservation::reserve(roundUpAllocationSize(capacity * sizeof(Register), commitSize), OSAllocator::JSVMStackPages);
     updateStackLimit(highAddress());
     m_commitEnd = highAddress();
-    
-    m_lastStackTop = getBaseOfStack();
 
     disableErrorStackReserve();
 
@@ -103,19 +101,6 @@
     conservativeRoots.add(getBaseOfStack(), getTopOfStack(), jitStubRoutines, codeBlocks);
 }
 
-void JSStack::sanitizeStack()
-{
-    ASSERT(getTopOfStack() <= getBaseOfStack());
-    
-    if (m_lastStackTop < getTopOfStack()) {
-        char* begin = reinterpret_cast<char*>(m_lastStackTop);
-        char* end = reinterpret_cast<char*>(getTopOfStack());
-        memset(begin, 0, end - begin);
-    }
-    
-    m_lastStackTop = getTopOfStack();
-}
-
 void JSStack::releaseExcessCapacity()
 {
     ptrdiff_t delta = reinterpret_cast<uintptr_t>(highAddress()) - reinterpret_cast<uintptr_t>(m_commitEnd);

Modified: releases/WebKitGTK/webkit-2.4/Source/_javascript_Core/interpreter/JSStack.h (168260 => 168261)


--- releases/WebKitGTK/webkit-2.4/Source/_javascript_Core/interpreter/JSStack.h	2014-05-05 07:37:35 UTC (rev 168260)
+++ releases/WebKitGTK/webkit-2.4/Source/_javascript_Core/interpreter/JSStack.h	2014-05-05 07:45:46 UTC (rev 168261)
@@ -82,7 +82,6 @@
         
         void gatherConservativeRoots(ConservativeRoots&);
         void gatherConservativeRoots(ConservativeRoots&, JITStubRoutineSet&, CodeBlockSet&);
-        void sanitizeStack();
 
         Register* getBaseOfStack() const
         {
@@ -157,7 +156,6 @@
         Register* m_useableEnd;
         PageReservation m_reservation;
         CallFrame*& m_topCallFrame;
-        Register* m_lastStackTop;
 
         friend class LLIntOffsetsExtractor;
     };

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes

[webkit-changes] [168261] releases/WebKitGTK/webkit-2.4/Source/JavaScriptCore

Log Message

Modified Paths

Diff

Modified: releases/WebKitGTK/webkit-2.4/Source/_javascript_Core/ChangeLog (168260 => 168261)

Modified: releases/WebKitGTK/webkit-2.4/Source/_javascript_Core/dfg/DFGJITCompiler.h (168260 => 168261)

Modified: releases/WebKitGTK/webkit-2.4/Source/_javascript_Core/dfg/DFGOSREntry.cpp (168260 => 168261)

Modified: releases/WebKitGTK/webkit-2.4/Source/_javascript_Core/dfg/DFGOSREntry.h (168260 => 168261)

Modified: releases/WebKitGTK/webkit-2.4/Source/_javascript_Core/heap/Heap.cpp (168260 => 168261)

Modified: releases/WebKitGTK/webkit-2.4/Source/_javascript_Core/interpreter/JSStack.cpp (168260 => 168261)

Modified: releases/WebKitGTK/webkit-2.4/Source/_javascript_Core/interpreter/JSStack.h (168260 => 168261)

Reply via email to